From 23c65bd29319abe90d1ba0bfa21ef2bb5d4e6844 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Jun 08 2018 19:20:11 +0000
Subject: Updating the translations for the 1.16.2 release


---

diff --git a/po/bg.po b/po/bg.po
index ae331a3..e914cf8 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:44-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:44+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/"
 "bg/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -415,9 +415,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Доставчик на смяна на парола"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -547,9 +546,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Дали автоматично да се обновява клиентския DNS запис във FreeIPA"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -1469,6 +1467,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Продължава като демон (по подразбиране)"
@@ -1497,23 +1503,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Ниво на debug"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1659,9 +1665,8 @@ msgid "Password: "
 msgstr "Парола:"
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Текуща парола:"
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2554,9 +2559,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Нивото на debug записи при работа"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
diff --git a/po/ca.po b/po/ca.po
index d19bf0a..49db1d4 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -14,8 +14,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2017-10-15 03:02-0400\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2017-10-15 03:02+0000\n"
 "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
 "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
 "ca/)\n"
@@ -24,7 +24,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -360,11 +360,8 @@ msgid "The maximum number of secrets that can be stored"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
 msgstr ""
-"El nombre de descriptors de fitxers que poden estar oberts per aquest "
-"contestador"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -463,9 +460,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Proveïdor de canvi de contrasenya"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -606,9 +602,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Si s'actualitza automàticament l'entrada DNS del client"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -707,26 +702,20 @@ msgid "Objectclass for group override objects"
 msgstr "Objectclass per als objectes de substitució de grup"
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Base de cerca per als objectes relacionats amb HBAC"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
 msgstr ""
-"Quantitat de temps en segons entre recerques de les assignacions SELinux "
-"contra el servidor IPA"
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
 msgstr ""
-"Quantitat de temps entre recerques de les regles HBAC contra el servidor IPA"
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -913,10 +902,8 @@ msgid "Enables enterprise principals"
 msgstr "Habilita els principals empresarials"
 
 #: src/config/SSSDConfig/__init__.py.in:272
-#, fuzzy
 msgid "A mapping from user names to Kerberos principal names"
 msgstr ""
-"Una assignació des dels noms dels usuaris als noms del principal de kerberos"
 
 #: src/config/SSSDConfig/__init__.py.in:275
 #: src/config/SSSDConfig/__init__.py.in:276
@@ -1206,9 +1193,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "L'atribut que llista els amfitrions dels servidors autoritzats"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "L'atribut que llista els amfitrions dels servidors autoritzats"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1310,9 +1296,8 @@ msgid "The LDAP group external member attribute"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
-msgstr "Nivell màxim d'encadenament que seguirà l'SSSd"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
@@ -1600,6 +1585,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Pila PAM a utilitzar"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Esdevé un dimoni (per defecte)"
@@ -1628,23 +1621,23 @@ msgstr "Imprimeix el número de versió i surt"
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Nivell de depuració"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Afegeix les marques temporals de depuració"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Mostra les marques temporals amb microsegons"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Un descriptor de fitxer obert pels registres de depuració"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr "Envia directament la sortida de depuració al stderr."
 
@@ -1794,9 +1787,8 @@ msgid "Password: "
 msgstr "Contrasenya: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Contrasenya actual: "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2727,9 +2719,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Especifica el nivell de depuració que vulgueu establir\n"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
@@ -2969,6 +2960,3 @@ msgstr ""
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr ""
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "Tan sols s'esperava un argument\n"
diff --git a/po/cs.po b/po/cs.po
index 350a5d0..cfc2f74 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -3,15 +3,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2017-07-25 11:53+0200\n"
+"POT-Creation-Date: 2018-03-09 12:31+0100\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2017-09-11 08:51-0400\n"
+"PO-Revision-Date: 2017-09-11 08:51+0000\n"
 "Last-Translator: Zdenek <chmelarz@gmail.com>\n"
 "Language-Team: Czech\n"
 "Language: cs\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
@@ -72,12 +72,12 @@ msgid "Timeout for messages sent over the SBUS"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:60
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:197
 msgid "Regex to parse username and domain"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:61
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:196
 msgid "Printf-compatible format for displaying fully-qualified names"
 msgstr ""
 
@@ -124,7 +124,7 @@ msgid "Entry cache background update timeout length (seconds)"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:74
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:113
 msgid "Negative cache timeout length (seconds)"
 msgstr ""
 
@@ -207,7 +207,7 @@ msgid "What kind of messages are displayed to the user during authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:95
-msgid "Filter PAM responses send the pam_sss"
+msgid "Filter PAM responses sent to the pam_sss"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:96
@@ -239,7 +239,7 @@ msgid "Allow certificate based/Smartcard authentication."
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:103
-msgid "Path to certificate databse with PKCS#11 modules."
+msgid "Path to certificate database with PKCS#11 modules."
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:104
@@ -258,1366 +258,1412 @@ msgstr ""
 msgid "If true, SSSD will switch back to lower-wins ordering logic"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:115
-msgid "Whether to hash host names and addresses in the known_hosts file"
+#: src/config/SSSDConfig/__init__.py.in:110
+msgid ""
+"Maximum number of rules that can be refreshed at once. If this is exceeded, "
+"full refresh is performed."
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:116
+msgid "Whether to hash host names and addresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:117
 msgid ""
 "How many seconds to keep a host in the known_hosts file after its host keys "
 "were requested"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:118
 msgid "Path to storage of trusted CA certificates"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:121
 msgid "List of UIDs or user names allowed to access the PAC responder"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:122
 msgid "How long the PAC data is considered valid"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:124
+#: src/config/SSSDConfig/__init__.py.in:125
 msgid "List of UIDs or user names allowed to access the InfoPipe responder"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:125
+#: src/config/SSSDConfig/__init__.py.in:126
 msgid "List of user attributes the InfoPipe is allowed to publish"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
 msgid "The provider where the secrets will be stored in"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
 msgid "The maximum allowed number of nested containers"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
 msgid "The maximum number of secrets that can be stored"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:131
-msgid "The maximum payload size of a secret in kilobytes"
+#: src/config/SSSDConfig/__init__.py.in:132
+msgid "The maximum number of secrets that can be stored per UID"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:133
+msgid "The maximum payload size of a secret in kilobytes"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:135
 msgid "The URL Custodia server is listening on"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:136
 msgid "The method to use when authenticating to a Custodia server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:137
 msgid ""
 "The name of the headers that will be added into a HTTP request with the "
 "value defined in auth_header_value"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:138
 msgid "The value sssd-secrets would use for auth_header_name"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:139
 msgid ""
 "The list of the headers to forward to the Custodia server together with the "
 "request"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:138
+#: src/config/SSSDConfig/__init__.py.in:140
 msgid ""
 "The username to use when authenticating to a Custodia server using "
 "basic_auth"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:141
 msgid ""
 "The password to use when authenticating to a Custodia server using "
 "basic_auth"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:142
 msgid ""
 "If true peer's certificate is verified if proxy_url uses https protocol"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:143
 msgid ""
-"If false peer's certificate may contain different hostname then proxy_url "
+"If false peer's certificate may contain different hostname than proxy_url "
 "when https protocol is used"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:144
 msgid "Path to directory where certificate authority certificates are stored"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:145
 msgid "Path to file containing server's CA certificate"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:146
 msgid "Path to file containing client's certificate"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:147
 msgid "Path to file containing client's private key"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:150
 msgid "Identity provider"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:151
 msgid "Authentication provider"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:152
 msgid "Access control provider"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:153
 msgid "Password change provider"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:154
 msgid "SUDO provider"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:155
 msgid "Autofs provider"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:156
 msgid "Host identity provider"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:157
 msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
+msgid "Session management provider"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:162
 msgid "Minimum user ID"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:163
 msgid "Maximum user ID"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:164
 msgid "Enable enumerating all users/groups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:162
+#: src/config/SSSDConfig/__init__.py.in:165
 msgid "Cache credentials for offline login"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:163
+#: src/config/SSSDConfig/__init__.py.in:166
 msgid "Store password hashes"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:167
 msgid "Display users/groups in fully-qualified form"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
 msgid "Don't include group members in group lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:166
-#: src/config/SSSDConfig/__init__.py.in:173
-#: src/config/SSSDConfig/__init__.py.in:174
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:169
 #: src/config/SSSDConfig/__init__.py.in:176
 #: src/config/SSSDConfig/__init__.py.in:177
 #: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:181
 msgid "Entry cache timeout length (seconds)"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:170
 msgid ""
 "Restrict or prefer a specific address family when performing DNS lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:171
 msgid "How long to keep cached entries after last successful login (days)"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:172
 msgid "How long to wait for replies from DNS when resolving servers (seconds)"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:173
 msgid "The domain part of service discovery DNS query"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:174
 msgid "Override GID value from the identity provider with this value"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:175
 msgid "Treat usernames as case sensitive"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:182
 msgid "How often should expired entries be refreshed in background"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:183
 msgid "Whether to automatically update the client's DNS entry"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:181
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:206
 msgid "The TTL to apply to the client's DNS entry after updating it"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:182
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:207
 msgid "The interface whose IP should be used for dynamic DNS updates"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:186
 msgid "How often to periodically update the client's DNS entry"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:184
+#: src/config/SSSDConfig/__init__.py.in:187
 msgid "Whether the provider should explicitly update the PTR record as well"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:185
+#: src/config/SSSDConfig/__init__.py.in:188
 msgid "Whether the nsupdate utility should default to using TCP"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:186
+#: src/config/SSSDConfig/__init__.py.in:189
 msgid "What kind of authentication should be used to perform the DNS update"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:190
 msgid "Override the DNS server used to perform the DNS update"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:188
+#: src/config/SSSDConfig/__init__.py.in:191
 msgid "Control enumeration of trusted domains"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:189
+#: src/config/SSSDConfig/__init__.py.in:192
 msgid "How often should subdomains list be refreshed"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:193
 msgid "List of options that should be inherited into a subdomain"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:194
 msgid "Default subdomain homedir value"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:195
 msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:198
+msgid "Whether to automatically create private groups for users"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:202
 msgid "IPA server address"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:203
 msgid "Address of backup IPA server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:204
 msgid "IPA client hostname"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:205
 msgid "Whether to automatically update the client's DNS entry in FreeIPA"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:208
 msgid "Search base for HBAC related objects"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:209
 msgid ""
 "The amount of time between lookups of the HBAC rules against the IPA server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:210
 msgid ""
 "The amount of time in seconds between lookups of the SELinux maps against "
 "the IPA server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:211
 msgid "If set to false, host argument given by PAM will be ignored"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:212
 msgid "The automounter location this IPA client is using"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:213
 msgid "Search base for object containing info about IPA domain"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:214
 msgid "Search base for objects containing info about ID ranges"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:211
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:233
 msgid "Enable DNS sites - location based service discovery"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:216
 msgid "Search base for view containers"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:217
 msgid "Objectclass for view containers"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:218
 msgid "Attribute with the name of the view"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:219
 msgid "Objectclass for override objects"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:220
 msgid "Attribute with the reference to the original object"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:221
 msgid "Objectclass for user override objects"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:222
 msgid "Objectclass for group override objects"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:223
+msgid "Search base for Desktop Profile related objects"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:224
+msgid ""
+"The amount of time in seconds between lookups of the Desktop Profile rules "
+"against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:225
+msgid ""
+"The amount of time in minutes between lookups of Desktop Profiles rules "
+"against the IPA server when the last request did not find any rule"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:229
 msgid "Enabled Active Directory domains"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:223
+#: src/config/SSSDConfig/__init__.py.in:230
 msgid "Active Directory server address"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:231
 msgid "Active Directory backup server address"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:225
+#: src/config/SSSDConfig/__init__.py.in:232
 msgid "Active Directory client hostname"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:227
-#: src/config/SSSDConfig/__init__.py.in:412
+#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:420
 msgid "LDAP filter to determine access privileges"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:228
+#: src/config/SSSDConfig/__init__.py.in:235
 msgid "Whether to use the Global Catalog for lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:229
+#: src/config/SSSDConfig/__init__.py.in:236
 msgid "Operation mode for GPO-based access control"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:237
 msgid ""
 "The amount of time between lookups of the GPO policy files against the AD "
 "server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:238
 msgid ""
 "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
 "settings"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:239
 msgid ""
 "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
 "policy settings"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:240
 msgid ""
 "PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
 "settings"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:241
 msgid ""
 "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:242
 msgid ""
 "PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
 "settings"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:243
 msgid "PAM service names for which GPO-based access is always granted"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:244
 msgid "PAM service names for which GPO-based access is always denied"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:245
 msgid ""
 "Default logon right (or permit/deny) to use for unmapped PAM service names"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:246
 msgid "a particular site to be used by the client"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:247
 msgid ""
 "Maximum age in days before the machine account password should be renewed"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:241
-msgid "Option for tuing the machine account renewal task"
+#: src/config/SSSDConfig/__init__.py.in:248
+msgid "Option for tuning the machine account renewal task"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:244
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:252
 msgid "Kerberos server address"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:253
 msgid "Kerberos backup server address"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:254
 msgid "Kerberos realm"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:248
+#: src/config/SSSDConfig/__init__.py.in:255
 msgid "Authentication timeout"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:256
 msgid "Whether to create kdcinfo files"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:257
 msgid "Where to drop krb5 config snippets"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:260
 msgid "Directory to store credential caches"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:254
+#: src/config/SSSDConfig/__init__.py.in:261
 msgid "Location of the user's credential cache"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:262
 msgid "Location of the keytab to validate credentials"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:263
 msgid "Enable credential validation"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:264
 msgid "Store password if offline for later online authentication"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:265
 msgid "Renewable lifetime of the TGT"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:266
 msgid "Lifetime of the TGT"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:267
 msgid "Time between two checks for renewal"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:268
 msgid "Enables FAST"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:269
 msgid "Selects the principal to use for FAST"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:270
 msgid "Enables principal canonicalization"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:271
 msgid "Enables enterprise principals"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:265
-msgid "A mapping from user names to kerberos principal names"
+#: src/config/SSSDConfig/__init__.py.in:272
+msgid "A mapping from user names to Kerberos principal names"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:268
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:276
 msgid "Server where the change password service is running if not on the KDC"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:279
 msgid "ldap_uri, The URI of the LDAP server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:280
 msgid "ldap_backup_uri, The URI of the LDAP server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:274
+#: src/config/SSSDConfig/__init__.py.in:281
 msgid "The default base DN"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:282
 msgid "The Schema Type in use on the LDAP server, rfc2307"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:276
+#: src/config/SSSDConfig/__init__.py.in:283
 msgid "The default bind DN"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:277
+#: src/config/SSSDConfig/__init__.py.in:284
 msgid "The type of the authentication token of the default bind DN"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:285
 msgid "The authentication token of the default bind DN"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:286
 msgid "Length of time to attempt connection"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:287
 msgid "Length of time to attempt synchronous LDAP operations"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:288
 msgid "Length of time between attempts to reconnect while offline"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:289
 msgid "Use only the upper case for realm names"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:290
 msgid "File that contains CA certificates"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:291
 msgid "Path to CA certificate directory"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:292
 msgid "File that contains the client certificate"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:286
+#: src/config/SSSDConfig/__init__.py.in:293
 msgid "File that contains the client key"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:294
 msgid "List of possible ciphers suites"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:288
+#: src/config/SSSDConfig/__init__.py.in:295
 msgid "Require TLS certificate verification"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:296
 msgid "Specify the sasl mechanism to use"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:297
 msgid "Specify the sasl authorization id to use"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:298
 msgid "Specify the sasl authorization realm to use"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:299
 msgid "Specify the minimal SSF for LDAP sasl authorization"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:300
 msgid "Kerberos service keytab"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:301
 msgid "Use Kerberos auth for LDAP connection"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:302
 msgid "Follow LDAP referrals"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:296
+#: src/config/SSSDConfig/__init__.py.in:303
 msgid "Lifetime of TGT for LDAP connection"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:304
 msgid "How to dereference aliases"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:305
 msgid "Service name for DNS service lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:306
 msgid "The number of records to retrieve in a single LDAP query"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:307
 msgid "The number of members that must be missing to trigger a full deref"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:308
 msgid ""
 "Whether the LDAP library should perform a reverse lookup to canonicalize the "
 "host name during a SASL bind"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:303
+#: src/config/SSSDConfig/__init__.py.in:310
 msgid "entryUSN attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:311
 msgid "lastUSN attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:313
 msgid ""
 "How long to retain a connection to the LDAP server before disconnecting"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:315
 msgid "Disable the LDAP paging control"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:316
 msgid "Disable Active Directory range retrieval"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:319
 msgid "Length of time to wait for a search request"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:320
 msgid "Length of time to wait for a enumeration request"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:321
 msgid "Length of time between enumeration updates"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:315
+#: src/config/SSSDConfig/__init__.py.in:322
 msgid "Length of time between cache cleanups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:316
+#: src/config/SSSDConfig/__init__.py.in:323
 msgid "Require TLS for ID lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:324
 msgid "Use ID-mapping of objectSID instead of pre-set IDs"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:318
+#: src/config/SSSDConfig/__init__.py.in:325
 msgid "Base DN for user lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:319
+#: src/config/SSSDConfig/__init__.py.in:326
 msgid "Scope of user lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:320
+#: src/config/SSSDConfig/__init__.py.in:327
 msgid "Filter for user lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:328
 msgid "Objectclass for users"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:329
 msgid "Username attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:324
+#: src/config/SSSDConfig/__init__.py.in:331
 msgid "UID attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:332
 msgid "Primary GID attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:333
 msgid "GECOS attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:334
 msgid "Home directory attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:335
 msgid "Shell attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:329
+#: src/config/SSSDConfig/__init__.py.in:336
 msgid "UUID attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:330
-#: src/config/SSSDConfig/__init__.py.in:371
+#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:379
 msgid "objectSID attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:338
 msgid "Active Directory primary group attribute for ID-mapping"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:339
 msgid "User principal attribute (for Kerberos)"
 msgstr ""
 
 # auto translated by TM merge from project: Cockpit, version: rhel-7.4, DocId: cockpit
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:340
 msgid "Full Name"
 msgstr "Celé jméno"
 
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:341
 msgid "memberOf attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:342
 msgid "Modification time attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:344
 msgid "shadowLastChange attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:345
 msgid "shadowMin attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:346
 msgid "shadowMax attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:347
 msgid "shadowWarning attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:348
 msgid "shadowInactive attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:349
 msgid "shadowExpire attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:350
 msgid "shadowFlag attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:351
 msgid "Attribute listing authorized PAM services"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:352
 msgid "Attribute listing authorized server hosts"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:353
+msgid "Attribute listing authorized server rhosts"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:355
 msgid "krbPasswordExpiration attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:356
 msgid "Attribute indicating that server side password policies are active"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:357
 msgid "accountExpires attribute of AD"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:350
+#: src/config/SSSDConfig/__init__.py.in:358
 msgid "userAccountControl attribute of AD"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:351
+#: src/config/SSSDConfig/__init__.py.in:359
 msgid "nsAccountLock attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:360
 msgid "loginDisabled attribute of NDS"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:361
 msgid "loginExpirationTime attribute of NDS"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:362
 msgid "loginAllowedTimeMap attribute of NDS"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:363
 msgid "SSH public key attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:364
 msgid "attribute listing allowed authentication types for a user"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:365
 msgid "attribute containing the X509 certificate of the user"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:358
+#: src/config/SSSDConfig/__init__.py.in:366
 msgid "attribute containing the email address of the user"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:368
 msgid "A list of extra attributes to download along with the user entry"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:362
+#: src/config/SSSDConfig/__init__.py.in:370
 msgid "Base DN for group lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:373
 msgid "Objectclass for groups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:366
+#: src/config/SSSDConfig/__init__.py.in:374
 msgid "Group name"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:367
+#: src/config/SSSDConfig/__init__.py.in:375
 msgid "Group password"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:376
 msgid "GID attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:377
 msgid "Group member attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:370
+#: src/config/SSSDConfig/__init__.py.in:378
 msgid "Group UUID attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:380
 msgid "Modification time attribute for groups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:373
+#: src/config/SSSDConfig/__init__.py.in:381
 msgid "Type of the group and other flags"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:374
+#: src/config/SSSDConfig/__init__.py.in:382
 msgid "The LDAP group external member attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:376
-msgid "Maximum nesting level SSSd will follow"
+#: src/config/SSSDConfig/__init__.py.in:384
+msgid "Maximum nesting level SSSD will follow"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:378
+#: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:379
+#: src/config/SSSDConfig/__init__.py.in:387
 msgid "Objectclass for netgroups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:380
+#: src/config/SSSDConfig/__init__.py.in:388
 msgid "Netgroup name"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:381
+#: src/config/SSSDConfig/__init__.py.in:389
 msgid "Netgroups members attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:382
+#: src/config/SSSDConfig/__init__.py.in:390
 msgid "Netgroup triple attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:383
+#: src/config/SSSDConfig/__init__.py.in:391
 msgid "Modification time attribute for netgroups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:385
+#: src/config/SSSDConfig/__init__.py.in:393
 msgid "Base DN for service lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:386
+#: src/config/SSSDConfig/__init__.py.in:394
 msgid "Objectclass for services"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:387
+#: src/config/SSSDConfig/__init__.py.in:395
 msgid "Service name attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:388
+#: src/config/SSSDConfig/__init__.py.in:396
 msgid "Service port attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:389
+#: src/config/SSSDConfig/__init__.py.in:397
 msgid "Service protocol attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:392
+#: src/config/SSSDConfig/__init__.py.in:400
 msgid "Lower bound for ID-mapping"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:393
+#: src/config/SSSDConfig/__init__.py.in:401
 msgid "Upper bound for ID-mapping"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:394
+#: src/config/SSSDConfig/__init__.py.in:402
 msgid "Number of IDs for each slice when ID-mapping"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:395
+#: src/config/SSSDConfig/__init__.py.in:403
 msgid "Use autorid-compatible algorithm for ID-mapping"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:396
+#: src/config/SSSDConfig/__init__.py.in:404
 msgid "Name of the default domain for ID-mapping"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:397
+#: src/config/SSSDConfig/__init__.py.in:405
 msgid "SID of the default domain for ID-mapping"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:398
+#: src/config/SSSDConfig/__init__.py.in:406
 msgid "Number of secondary slices"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:400
+#: src/config/SSSDConfig/__init__.py.in:408
 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:401
+#: src/config/SSSDConfig/__init__.py.in:409
 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:402
+#: src/config/SSSDConfig/__init__.py.in:410
 msgid "Whether to use Token-Groups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:403
+#: src/config/SSSDConfig/__init__.py.in:411
 msgid "Set lower boundary for allowed IDs from the LDAP server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:404
+#: src/config/SSSDConfig/__init__.py.in:412
 msgid "Set upper boundary for allowed IDs from the LDAP server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:405
+#: src/config/SSSDConfig/__init__.py.in:413
 msgid "DN for ppolicy queries"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:406
+#: src/config/SSSDConfig/__init__.py.in:414
 msgid "How many maximum entries to fetch during a wildcard request"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:409
+#: src/config/SSSDConfig/__init__.py.in:417
 msgid "Policy to evaluate the password expiration"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:413
+#: src/config/SSSDConfig/__init__.py.in:421
 msgid "Which attributes shall be used to evaluate if an account is expired"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:414
+#: src/config/SSSDConfig/__init__.py.in:422
 msgid "Which rules should be used to evaluate access control"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:417
+#: src/config/SSSDConfig/__init__.py.in:425
 msgid "URI of an LDAP server where password changes are allowed"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:418
+#: src/config/SSSDConfig/__init__.py.in:426
 msgid "URI of a backup LDAP server where password changes are allowed"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:419
+#: src/config/SSSDConfig/__init__.py.in:427
 msgid "DNS service name for LDAP password change server"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:420
+#: src/config/SSSDConfig/__init__.py.in:428
 msgid ""
 "Whether to update the ldap_user_shadow_last_change attribute after a "
 "password change"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:423
+#: src/config/SSSDConfig/__init__.py.in:431
 msgid "Base DN for sudo rules lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:424
+#: src/config/SSSDConfig/__init__.py.in:432
 msgid "Automatic full refresh period"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:425
+#: src/config/SSSDConfig/__init__.py.in:433
 msgid "Automatic smart refresh period"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:426
+#: src/config/SSSDConfig/__init__.py.in:434
 msgid "Whether to filter rules by hostname, IP addresses and network"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:427
+#: src/config/SSSDConfig/__init__.py.in:435
 msgid ""
 "Hostnames and/or fully qualified domain names of this machine to filter sudo "
 "rules"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:428
+#: src/config/SSSDConfig/__init__.py.in:436
 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:429
+#: src/config/SSSDConfig/__init__.py.in:437
 msgid "Whether to include rules that contains netgroup in host attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:430
+#: src/config/SSSDConfig/__init__.py.in:438
 msgid ""
 "Whether to include rules that contains regular expression in host attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:431
+#: src/config/SSSDConfig/__init__.py.in:439
 msgid "Object class for sudo rules"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:432
+#: src/config/SSSDConfig/__init__.py.in:440
 msgid "Sudo rule name"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:433
+#: src/config/SSSDConfig/__init__.py.in:441
 msgid "Sudo rule command attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:434
+#: src/config/SSSDConfig/__init__.py.in:442
 msgid "Sudo rule host attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:435
+#: src/config/SSSDConfig/__init__.py.in:443
 msgid "Sudo rule user attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:436
+#: src/config/SSSDConfig/__init__.py.in:444
 msgid "Sudo rule option attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:437
+#: src/config/SSSDConfig/__init__.py.in:445
 msgid "Sudo rule runas attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:438
+#: src/config/SSSDConfig/__init__.py.in:446
 msgid "Sudo rule runasuser attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:439
+#: src/config/SSSDConfig/__init__.py.in:447
 msgid "Sudo rule runasgroup attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:440
+#: src/config/SSSDConfig/__init__.py.in:448
 msgid "Sudo rule notbefore attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:441
+#: src/config/SSSDConfig/__init__.py.in:449
 msgid "Sudo rule notafter attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:442
+#: src/config/SSSDConfig/__init__.py.in:450
 msgid "Sudo rule order attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:445
+#: src/config/SSSDConfig/__init__.py.in:453
 msgid "Object class for automounter maps"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:446
+#: src/config/SSSDConfig/__init__.py.in:454
 msgid "Automounter map name attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:447
+#: src/config/SSSDConfig/__init__.py.in:455
 msgid "Object class for automounter map entries"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:448
+#: src/config/SSSDConfig/__init__.py.in:456
 msgid "Automounter map entry key attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:449
+#: src/config/SSSDConfig/__init__.py.in:457
 msgid "Automounter map entry value attribute"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:450
+#: src/config/SSSDConfig/__init__.py.in:458
 msgid "Base DN for automounter map lookups"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:453
+#: src/config/SSSDConfig/__init__.py.in:461
 msgid "Comma separated list of allowed users"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:454
+#: src/config/SSSDConfig/__init__.py.in:462
 msgid "Comma separated list of prohibited users"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:457
+#: src/config/SSSDConfig/__init__.py.in:465
 msgid "Default shell, /bin/bash"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:458
+#: src/config/SSSDConfig/__init__.py.in:466
 msgid "Base for home directories"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:461
+#: src/config/SSSDConfig/__init__.py.in:469
 msgid "The number of preforked proxy children."
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:464
+#: src/config/SSSDConfig/__init__.py.in:472
 msgid "The name of the NSS library to use"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:465
+#: src/config/SSSDConfig/__init__.py.in:473
 msgid "Whether to look up canonical group name from cache if possible"
 msgstr ""
 
-#: src/config/SSSDConfig/__init__.py.in:468
+#: src/config/SSSDConfig/__init__.py.in:476
 msgid "PAM stack to use"
 msgstr ""
 
-#: src/monitor/monitor.c:2469
+#: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
 
-#: src/monitor/monitor.c:2471
+#: src/monitor/monitor.c:2451
 msgid "Run interactive (not a daemon)"
 msgstr ""
 
-#: src/monitor/monitor.c:2474
+#: src/monitor/monitor.c:2454
 msgid "Disable netlink interface"
 msgstr ""
 
-#: src/monitor/monitor.c:2476 src/tools/sss_debuglevel.c:72
+#: src/monitor/monitor.c:2456 src/tools/sssctl/sssctl_logs.c:311
 msgid "Specify a non-default config file"
 msgstr ""
 
-#: src/monitor/monitor.c:2478
+#: src/monitor/monitor.c:2458
 msgid "Refresh the configuration database, then exit"
 msgstr ""
 
-#: src/monitor/monitor.c:2481
+#: src/monitor/monitor.c:2461
 msgid "Print version number and exit"
 msgstr ""
 
-#: src/monitor/monitor.c:2645
+#: src/monitor/monitor.c:2627
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3032 src/providers/ldap/ldap_child.c:624
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3034 src/providers/ldap/ldap_child.c:626
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3036 src/providers/ldap/ldap_child.c:628
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3038 src/providers/ldap/ldap_child.c:630
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3041 src/providers/ldap/ldap_child.c:632
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3043
+#: src/providers/krb5/krb5_child.c:3228
 msgid "The user to create FAST ccache as"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3045
+#: src/providers/krb5/krb5_child.c:3230
 msgid "The group to create FAST ccache as"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3047
+#: src/providers/krb5/krb5_child.c:3232
 msgid "Kerberos realm to use"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3049
+#: src/providers/krb5/krb5_child.c:3234
 msgid "Requested lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3051
+#: src/providers/krb5/krb5_child.c:3236
 msgid "Requested renewable lifetime of the ticket"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3053
+#: src/providers/krb5/krb5_child.c:3238
 msgid "FAST options ('never', 'try', 'demand')"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3056
+#: src/providers/krb5/krb5_child.c:3241
 msgid "Specifies the server principal to use for FAST"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3058
+#: src/providers/krb5/krb5_child.c:3243
 msgid "Requests canonicalization of the principal name"
 msgstr ""
 
-#: src/providers/data_provider_be.c:507
+#: src/providers/krb5/krb5_child.c:3245
+msgid "Use custom version of krb5_get_init_creds_password"
+msgstr ""
+
+#: src/providers/data_provider_be.c:555
 msgid "Domain of the information provider (mandatory)"
 msgstr ""
 
-#: src/sss_client/common.c:1015
+#: src/sss_client/common.c:1066
 msgid "Privileged socket has wrong ownership or permissions."
 msgstr ""
 
-#: src/sss_client/common.c:1018
+#: src/sss_client/common.c:1069
 msgid "Public socket has wrong ownership or permissions."
 msgstr ""
 
-#: src/sss_client/common.c:1021
+#: src/sss_client/common.c:1072
 msgid "Unexpected format of the server credential message."
 msgstr ""
 
-#: src/sss_client/common.c:1024
+#: src/sss_client/common.c:1075
 msgid "SSSD is not run by root."
 msgstr ""
 
-#: src/sss_client/common.c:1029
+#: src/sss_client/common.c:1080
 msgid "An error occurred, but no description can be found."
 msgstr ""
 
-#: src/sss_client/common.c:1035
+#: src/sss_client/common.c:1086
 msgid "Unexpected error while looking for an error description"
 msgstr ""
 
-#: src/sss_client/pam_sss.c:68
+#: src/sss_client/pam_sss.c:76
 msgid "Permission denied. "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:746
-#: src/sss_client/pam_sss.c:757
+#: src/sss_client/pam_sss.c:77 src/sss_client/pam_sss.c:782
+#: src/sss_client/pam_sss.c:793
 msgid "Server message: "
 msgstr ""
 
 # auto translated by TM merge from project: FreeIPA, version: ipa-4-5, DocId: po/ipa
-#: src/sss_client/pam_sss.c:264
+#: src/sss_client/pam_sss.c:300
 msgid "Passwords do not match"
 msgstr "Hesla nejsou stejná."
 
-#: src/sss_client/pam_sss.c:452
+#: src/sss_client/pam_sss.c:488
 msgid "Password reset by root is not supported."
 msgstr ""
 
-#: src/sss_client/pam_sss.c:493
+#: src/sss_client/pam_sss.c:529
 msgid "Authenticated with cached credentials"
 msgstr ""
 
-#: src/sss_client/pam_sss.c:494
+#: src/sss_client/pam_sss.c:530
 msgid ", your cached password will expire at: "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:524
+#: src/sss_client/pam_sss.c:560
 #, c-format
 msgid "Your password has expired. You have %1$d grace login(s) remaining."
 msgstr ""
 
-#: src/sss_client/pam_sss.c:570
+#: src/sss_client/pam_sss.c:606
 #, c-format
 msgid "Your password will expire in %1$d %2$s."
 msgstr ""
 
-#: src/sss_client/pam_sss.c:619
+#: src/sss_client/pam_sss.c:655
 msgid "Authentication is denied until: "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:640
+#: src/sss_client/pam_sss.c:676
 msgid "System is offline, password change not possible"
 msgstr ""
 
-#: src/sss_client/pam_sss.c:655
+#: src/sss_client/pam_sss.c:691
 msgid ""
 "After changing the OTP password, you need to log out and back in order to "
 "acquire a ticket"
 msgstr ""
 
-#: src/sss_client/pam_sss.c:743 src/sss_client/pam_sss.c:756
+#: src/sss_client/pam_sss.c:779 src/sss_client/pam_sss.c:792
 msgid "Password change failed. "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:1670
+#: src/sss_client/pam_sss.c:1926
 msgid "New Password: "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:1671
+#: src/sss_client/pam_sss.c:1927
 msgid "Reenter new Password: "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:1783 src/sss_client/pam_sss.c:1786
+#: src/sss_client/pam_sss.c:2039 src/sss_client/pam_sss.c:2042
 msgid "First Factor: "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:1784
+#: src/sss_client/pam_sss.c:2040 src/sss_client/pam_sss.c:2202
 msgid "Second Factor (optional): "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:1787
+#: src/sss_client/pam_sss.c:2043 src/sss_client/pam_sss.c:2205
 msgid "Second Factor: "
 msgstr ""
 
 # auto translated by TM merge from project: anaconda, version: f25, DocId: main
-#: src/sss_client/pam_sss.c:1792
+#: src/sss_client/pam_sss.c:2058
 msgid "Password: "
 msgstr "Heslo: "
 
-#: src/sss_client/pam_sss.c:1832
+#: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
+msgid "First Factor (Current Password): "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
 msgstr ""
 
-#: src/sss_client/pam_sss.c:2098
+#: src/sss_client/pam_sss.c:2536
 msgid "Password expired. Change your password now."
 msgstr ""
 
@@ -1626,7 +1672,7 @@ msgstr ""
 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:670 src/tools/sss_debuglevel.c:70
+#: src/tools/sss_cache.c:670
 msgid "The debug level to run with"
 msgstr ""
 
@@ -2167,24 +2213,12 @@ msgstr ""
 msgid "Could not open available domains\n"
 msgstr ""
 
-#: src/tools/sss_debuglevel.c:41
-msgid "\n"
-msgstr ""
-
-#: src/tools/sss_debuglevel.c:97
-msgid "Specify debug level you want to set\n"
-msgstr ""
-
-#: src/tools/sss_debuglevel.c:103
-msgid "Only one argument expected\n"
-msgstr ""
-
-#: src/tools/tools_util.c:204
+#: src/tools/tools_util.c:202
 #, c-format
 msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
 msgstr ""
 
-#: src/tools/tools_util.c:311
+#: src/tools/tools_util.c:309
 msgid "Out of memory\n"
 msgstr ""
 
@@ -2264,38 +2298,38 @@ msgstr ""
 msgid "Cached in InfoPipe"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:511
+#: src/tools/sssctl/sssctl_cache.c:512
 #, c-format
 msgid "Error: Unable to get object [%d]: %s\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:527
+#: src/tools/sssctl/sssctl_cache.c:528
 #, c-format
 msgid "%s: Unable to read value [%d]: %s\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:555
+#: src/tools/sssctl/sssctl_cache.c:556
 msgid "Specify name."
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:565
+#: src/tools/sssctl/sssctl_cache.c:566
 #, c-format
 msgid "Unable to parse name %s.\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:591 src/tools/sssctl/sssctl_cache.c:638
+#: src/tools/sssctl/sssctl_cache.c:592 src/tools/sssctl/sssctl_cache.c:639
 msgid "Search by SID"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:592
+#: src/tools/sssctl/sssctl_cache.c:593
 msgid "Search by user ID"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:601
+#: src/tools/sssctl/sssctl_cache.c:602
 msgid "Initgroups expiration time"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_cache.c:639
+#: src/tools/sssctl/sssctl_cache.c:640
 msgid "Search by group ID"
 msgstr ""
 
@@ -2333,7 +2367,7 @@ msgid "Unable to create backup directory [%d]: %s"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_data.c:95
-msgid "SSSD backup of local data already exist, override?"
+msgid "SSSD backup of local data already exists, override?"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_data.c:111
@@ -2473,45 +2507,53 @@ msgstr ""
 msgid "Unable to get server list\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:48
+#: src/tools/sssctl/sssctl_logs.c:47
+msgid "\n"
+msgstr ""
+
+#: src/tools/sssctl/sssctl_logs.c:237
 msgid "Delete log files instead of truncating"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:59
+#: src/tools/sssctl/sssctl_logs.c:248
 #, c-format
 msgid "Deleting log files...\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:62
+#: src/tools/sssctl/sssctl_logs.c:251
 #, c-format
 msgid "Unable to remove log files\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:68
+#: src/tools/sssctl/sssctl_logs.c:257
 #, c-format
 msgid "Truncating log files...\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:71
+#: src/tools/sssctl/sssctl_logs.c:260
 #, c-format
 msgid "Unable to truncate log files\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:97
+#: src/tools/sssctl/sssctl_logs.c:286
 #, c-format
 msgid "Out of memory!"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:100
+#: src/tools/sssctl/sssctl_logs.c:289
 #, c-format
 msgid "Archiving log files into %s...\n"
 msgstr ""
 
-#: src/tools/sssctl/sssctl_logs.c:103
+#: src/tools/sssctl/sssctl_logs.c:292
 #, c-format
 msgid "Unable to archive log files\n"
 msgstr ""
 
+#: src/tools/sssctl/sssctl_logs.c:317
+msgid "Specify debug level you want to set"
+msgstr ""
+
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
 "Check that SSSD is running and the InfoPipe responder is enabled. Make sure "
@@ -2621,7 +2663,7 @@ msgstr ""
 
 #: src/tools/sssctl/sssctl_user_checks.c:237
 #, c-format
-msgid "InforPipe User lookup with [%s] failed.\n"
+msgid "InfoPipe User lookup with [%s] failed.\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_user_checks.c:244
@@ -2721,18 +2763,18 @@ msgstr ""
 msgid " - no env -\n"
 msgstr ""
 
-#: src/util/util.h:74
+#: src/util/util.h:75
 msgid "The user ID to run the server as"
 msgstr ""
 
-#: src/util/util.h:76
+#: src/util/util.h:77
 msgid "The group ID to run the server as"
 msgstr ""
 
-#: src/util/util.h:84
+#: src/util/util.h:85
 msgid "Informs that the responder has been socket-activated"
 msgstr ""
 
-#: src/util/util.h:86
+#: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr ""
diff --git a/po/de.po b/po/de.po
index 2878c38..6394d4f 100644
--- a/po/de.po
+++ b/po/de.po
@@ -10,8 +10,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:45-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:45+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
 "de/)\n"
@@ -20,7 +20,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -350,11 +350,8 @@ msgid "The maximum number of secrets that can be stored"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
 msgstr ""
-"Die Anzahl der Dateideskriptoren, die durch diesen Responder geöffnet werden "
-"dürfen"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -453,9 +450,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Passwortänderungs-Anbieter"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -598,9 +594,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Automatische Aktualisierung des DNS-Eintrags des Clients"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -694,25 +689,20 @@ msgid "Objectclass for group override objects"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Suchbasis für HBAC-bezogene Objekte"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
 msgstr ""
-"Die Zeitspanne in Sekunden zwischen Suchanfragen der SELinux-Zuweisung an "
-"den IPA-Server"
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
-msgstr "Die Zeitspanne zwischen Suchanfragen der HBAC-Regeln an den IPA-Server"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -1168,9 +1158,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "Attribut, welches die autorisierten Server-Hosts auflistet"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "Attribut, welches die autorisierten Server-Hosts auflistet"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1272,9 +1261,8 @@ msgid "The LDAP group external member attribute"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
-msgstr "Maximale Ebene der Verschachtelung, der SSSd folgt"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
@@ -1561,6 +1549,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Zu verwendender PAM-Stapel"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Zum Hintergrunddienst werden (Vorgabe)"
@@ -1589,23 +1585,23 @@ msgstr "Versionsnummer ausgeben und das Programm beenden"
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Fehlerdiagnosestufe"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Debug-Zeitstempel hinzufügen"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Zeitstempel mit Mikrosekunden anzeigen"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Offener Dateideskriptor für die Debug-Protokolle"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1755,9 +1751,8 @@ msgid "Password: "
 msgstr "Passwort: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Aktuelles Passwort: "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2691,9 +2686,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Zu setzende Debug-Stufe angeben\n"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
@@ -2933,6 +2927,3 @@ msgstr ""
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr ""
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "Nur ein Argument wurde erwartet\n"
diff --git a/po/es.po b/po/es.po
index effdb80..80502b0 100644
--- a/po/es.po
+++ b/po/es.po
@@ -12,13 +12,14 @@
 # sgallagh <sgallagh@redhat.com>, 2011
 # sgallagh <sgallagh@redhat.com>, 2011
 # vareli <ehespinosa@ya.com>, 2013
+# Emilio Herrera <ehespinosa57@gmail.com>, 2018. #zanata
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:45-0500\n"
-"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2018-06-01 03:11+0000\n"
+"Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
 "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
 "es/)\n"
 "Language: es\n"
@@ -26,7 +27,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -48,7 +49,7 @@ msgstr "Escribir los mensajes de depuración a archivos log"
 
 #: src/config/SSSDConfig/__init__.py.in:48
 msgid "Watchdog timeout before restarting service"
-msgstr ""
+msgstr "Tiempo de espera del perro guardián antes de reiniciar el servicio"
 
 #: src/config/SSSDConfig/__init__.py.in:49
 msgid "Command to start service"
@@ -62,18 +63,22 @@ msgstr ""
 #: src/config/SSSDConfig/__init__.py.in:51
 msgid "The number of file descriptors that may be opened by this responder"
 msgstr ""
+"El número de descriptores de archivos que pueden ser abiertos por este "
+"contestador"
 
 #: src/config/SSSDConfig/__init__.py.in:52
 msgid "Idle time before automatic disconnection of a client"
-msgstr ""
+msgstr "Tiempo de inactividad antes de la desconexión automática de un cliente"
 
 #: src/config/SSSDConfig/__init__.py.in:53
 msgid "Idle time before automatic shutdown of the responder"
-msgstr ""
+msgstr "Tiempo de inactividad antes del apagado automático de un contestador"
 
 #: src/config/SSSDConfig/__init__.py.in:54
 msgid "Always query all the caches before querying the Data Providers"
 msgstr ""
+"Preguntar siempre a todos los caches antes de preguntar a los Proveedores de "
+"Datos"
 
 #: src/config/SSSDConfig/__init__.py.in:57
 msgid "SSSD Services to start"
@@ -110,31 +115,33 @@ msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:63
 msgid "Domain to add to names without a domain component."
-msgstr ""
+msgstr "Dominio para añadir a los nombres sin componente de dominio"
 
 #: src/config/SSSDConfig/__init__.py.in:64
 msgid "The user to drop privileges to"
-msgstr ""
+msgstr "El usuario a quitar privilegios"
 
 #: src/config/SSSDConfig/__init__.py.in:65
 msgid "Tune certificate verification"
-msgstr ""
+msgstr "Ajustar la verificación del cetificado"
 
 #: src/config/SSSDConfig/__init__.py.in:66
 msgid "All spaces in group or user names will be replaced with this character"
 msgstr ""
+"Todos los espacios en los nombres de usuario o grupo serán reemplazados por "
+"este caracter"
 
 #: src/config/SSSDConfig/__init__.py.in:67
 msgid "Tune sssd to honor or ignore netlink state changes"
-msgstr ""
+msgstr "Ajustar sssd para aceptar o ignorar los cambios de estados de netlink"
 
 #: src/config/SSSDConfig/__init__.py.in:68
 msgid "Enable or disable the implicit files domain"
-msgstr ""
+msgstr "Habilitar o deshabilitar el dominio implícito de archivos"
 
 #: src/config/SSSDConfig/__init__.py.in:69
 msgid "A specific order of the domains to be looked up"
-msgstr ""
+msgstr "Un orden especifico de los dominios a buscar"
 
 #: src/config/SSSDConfig/__init__.py.in:72
 msgid "Enumeration cache timeout length (seconds)"
@@ -153,6 +160,7 @@ msgstr "Tiempo máximo negativo del cache (segundos)"
 #: src/config/SSSDConfig/__init__.py.in:75
 msgid "Files negative cache timeout length (seconds)"
 msgstr ""
+"Longitud de tiempo de espera para el cache negativo de archivos (segundos)"
 
 #: src/config/SSSDConfig/__init__.py.in:76
 msgid "Users that SSSD should explicitly ignore"
@@ -180,10 +188,13 @@ msgstr ""
 msgid ""
 "Substitute empty homedir value from the identity provider with this value"
 msgstr ""
+"Sustituir el valor vacío de homedir de la identidad del proveedor con este "
+"valor"
 
 #: src/config/SSSDConfig/__init__.py.in:82
 msgid "Override shell value from the identity provider with this value"
 msgstr ""
+"Sustituir el valor de shell de la identidad del proveedor por este valor"
 
 #: src/config/SSSDConfig/__init__.py.in:83
 msgid "The list of shells users are allowed to log in with"
@@ -205,15 +216,17 @@ msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:86
 msgid "Shell to use if the provider does not list one"
-msgstr ""
+msgstr "Shell a usar si el proveedor no lista uno"
 
 #: src/config/SSSDConfig/__init__.py.in:87
 msgid "How long will be in-memory cache records valid"
-msgstr ""
+msgstr "Cuanto serán validos en la memoria los cache los registros"
 
 #: src/config/SSSDConfig/__init__.py.in:88
 msgid "List of user attributes the NSS responder is allowed to publish"
 msgstr ""
+"Lista de los atributos de usuario que el contestador NSS tiene permitido "
+"publicar"
 
 #: src/config/SSSDConfig/__init__.py.in:91
 msgid "How long to allow cached logins between online logins (days)"
@@ -239,7 +252,7 @@ msgstr "Que clase de mensajes se muestran al usuario durante la autenticación"
 
 #: src/config/SSSDConfig/__init__.py.in:95
 msgid "Filter PAM responses sent to the pam_sss"
-msgstr ""
+msgstr "Filtrar las respuestas PAM enviadas al pam_sss"
 
 #: src/config/SSSDConfig/__init__.py.in:96
 msgid "How many seconds to keep identity information cached for PAM requests"
@@ -253,35 +266,36 @@ msgstr "Cuanto días se debe mostrar un aviso de expiración de contraseña"
 
 #: src/config/SSSDConfig/__init__.py.in:98
 msgid "List of trusted uids or user's name"
-msgstr ""
+msgstr "Lista de uids o nombres de usuario de confianza"
 
 #: src/config/SSSDConfig/__init__.py.in:99
 msgid "List of domains accessible even for untrusted users."
-msgstr ""
+msgstr "Lista de dominios accesibles aún para usuarios los que no se confie"
 
 #: src/config/SSSDConfig/__init__.py.in:100
 msgid "Message printed when user account is expired."
-msgstr ""
+msgstr "Mensaje impreso cuando una cuenta de usuario expira"
 
 #: src/config/SSSDConfig/__init__.py.in:101
 msgid "Message printed when user account is locked."
-msgstr ""
+msgstr "Mensaje impreso cuando una cuenta de usuario es bloqueada"
 
 #: src/config/SSSDConfig/__init__.py.in:102
 msgid "Allow certificate based/Smartcard authentication."
-msgstr ""
+msgstr "Permitir el certificado basado/en autenticación Smartcard"
 
 #: src/config/SSSDConfig/__init__.py.in:103
 msgid "Path to certificate database with PKCS#11 modules."
-msgstr ""
+msgstr "Ruta a la base de datos de certificados con módulos PKCS#11."
 
 #: src/config/SSSDConfig/__init__.py.in:104
 msgid "How many seconds will pam_sss wait for p11_child to finish"
-msgstr ""
+msgstr "Cuantos segundos esperará pam_sss a que termine p11_child"
 
 #: src/config/SSSDConfig/__init__.py.in:105
 msgid "Which PAM services are permitted to contact application domains"
 msgstr ""
+"Que servicios PAM tienen permitido contactar con dominios de aplicación"
 
 #: src/config/SSSDConfig/__init__.py.in:108
 msgid "Whether to evaluate the time-based attributes in sudo rules"
@@ -289,87 +303,100 @@ msgstr "Ya sea para evaluar los atributos basados en el tiempo en reglas sudo"
 
 #: src/config/SSSDConfig/__init__.py.in:109
 msgid "If true, SSSD will switch back to lower-wins ordering logic"
-msgstr ""
+msgstr "Si cierto, SSSD volverá a la lógica de ordenación de triunfos menores"
 
 #: src/config/SSSDConfig/__init__.py.in:110
 msgid ""
 "Maximum number of rules that can be refreshed at once. If this is exceeded, "
 "full refresh is performed."
 msgstr ""
+"Número máximo de reglas que se pueden refrescar de una vez. Si esto se "
+"excede, se llevará a cabo un refresco total."
 
 #: src/config/SSSDConfig/__init__.py.in:116
 msgid "Whether to hash host names and addresses in the known_hosts file"
 msgstr ""
+"Si se deben picar los nombres de host y las direcciones en el archivo known-"
+"hosts"
 
 #: src/config/SSSDConfig/__init__.py.in:117
 msgid ""
 "How many seconds to keep a host in the known_hosts file after its host keys "
 "were requested"
 msgstr ""
+"Cuantos segundos mantener un host en el archivos known_host después de que "
+"se haya pedido su clave de host"
 
 #: src/config/SSSDConfig/__init__.py.in:118
 msgid "Path to storage of trusted CA certificates"
-msgstr ""
+msgstr "Ruta al almacenamiento de los certificados CA de confianza"
 
 #: src/config/SSSDConfig/__init__.py.in:121
 msgid "List of UIDs or user names allowed to access the PAC responder"
 msgstr ""
+"Lista de UIDs o nombres de usuario que tienen permitido acceder al "
+"contestador PAC"
 
 #: src/config/SSSDConfig/__init__.py.in:122
 msgid "How long the PAC data is considered valid"
-msgstr ""
+msgstr "Longitud de datos PAC considerados válidos"
 
 #: src/config/SSSDConfig/__init__.py.in:125
 msgid "List of UIDs or user names allowed to access the InfoPipe responder"
 msgstr ""
+"Lista de UIDs y nombres de usuarios que tienen permitido el acceso al "
+"contestador InfoPipe"
 
 #: src/config/SSSDConfig/__init__.py.in:126
 msgid "List of user attributes the InfoPipe is allowed to publish"
-msgstr ""
+msgstr "Lista de atributos de usuario que InforPipe tiene permitido publicar"
 
 #: src/config/SSSDConfig/__init__.py.in:129
 msgid "The provider where the secrets will be stored in"
-msgstr ""
+msgstr "El proveedor donde se almacenarán los secretos"
 
 #: src/config/SSSDConfig/__init__.py.in:130
 msgid "The maximum allowed number of nested containers"
-msgstr ""
+msgstr "El número máximo permitido de contenedores anidados"
 
 #: src/config/SSSDConfig/__init__.py.in:131
 msgid "The maximum number of secrets that can be stored"
-msgstr ""
+msgstr "El número máximo de secretos que pueden ser almacenados"
 
 #: src/config/SSSDConfig/__init__.py.in:132
 msgid "The maximum number of secrets that can be stored per UID"
-msgstr ""
+msgstr "El número máximo de secretos que puede ser almacenado por UID"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
-msgstr ""
+msgstr "El tamaño de carga máxima de un secreto en kilobytes"
 
 #: src/config/SSSDConfig/__init__.py.in:135
 msgid "The URL Custodia server is listening on"
-msgstr ""
+msgstr "El servidor URL Custodia está escuchando en"
 
 #: src/config/SSSDConfig/__init__.py.in:136
 msgid "The method to use when authenticating to a Custodia server"
-msgstr ""
+msgstr "El método a usar cuando se autentica en un servidor Custodia"
 
 #: src/config/SSSDConfig/__init__.py.in:137
 msgid ""
 "The name of the headers that will be added into a HTTP request with the "
 "value defined in auth_header_value"
 msgstr ""
+"El nombre de las cabeceras que se añadirán a una petición HTTP con el valor "
+"definido en auth_header_value"
 
 #: src/config/SSSDConfig/__init__.py.in:138
 msgid "The value sssd-secrets would use for auth_header_name"
-msgstr ""
+msgstr "El valor que sssd-secrets debería usar para auth_header_name"
 
 #: src/config/SSSDConfig/__init__.py.in:139
 msgid ""
 "The list of the headers to forward to the Custodia server together with the "
 "request"
 msgstr ""
+"La lista de las cabeceras a enviar al servidor Custodia junto con la petición"
 
 #: src/config/SSSDConfig/__init__.py.in:140
 msgid ""
@@ -440,9 +467,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Proveedor de cambio de contraseña"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -576,10 +602,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
 msgstr ""
-"Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA"
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -670,25 +694,20 @@ msgid "Objectclass for group override objects"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Búsqueda base para objetos HBAC"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
 msgstr ""
-"Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA"
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
 msgstr ""
-"Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA"
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -1145,9 +1164,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "Atributo de listado de equipos de servidor autorizados"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "Atributo de listado de equipos de servidor autorizados"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1248,9 +1266,8 @@ msgid "The LDAP group external member attribute"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
-msgstr "A continuación, nivel SSSD de anidado máximo"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
@@ -1525,6 +1542,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Pila PAM a usar"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Convertirse en demonio (predeterminado)"
@@ -1553,23 +1578,23 @@ msgstr "Muestra el número de versión y finaliza"
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Nive de depuración"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Agregar marcas de tiempo de depuración"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Mostrar marcas de tiempo con microsegundos"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Un arhivo abierto de descriptor para los registros de depuración"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1716,9 +1741,8 @@ msgid "Password: "
 msgstr "Contraseña: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Contraseña actual: "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2630,9 +2654,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Nivel de depuración en que se debe ejecutar"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
diff --git a/po/eu.po b/po/eu.po
index 9f04c1c..e4d5f6d 100644
--- a/po/eu.po
+++ b/po/eu.po
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:45-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:45+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
 "eu/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -1463,6 +1463,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1491,23 +1499,23 @@ msgstr "Inprimatu bertsio zenbakia eta irten"
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Arazketa maila"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Gehitu arazketako data-zigiluak"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1653,9 +1661,8 @@ msgid "Password: "
 msgstr "Pasahitza: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Uneko pasahitza: "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
diff --git a/po/fr.po b/po/fr.po
index 654437a..de6d2ea 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -13,8 +13,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2016-02-24 03:43-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2016-02-24 03:43+0000\n"
 "Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
 "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
 "fr/)\n"
@@ -23,7 +23,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -353,11 +353,8 @@ msgid "The maximum number of secrets that can be stored"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
 msgstr ""
-"Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce "
-"répondeur"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -456,9 +453,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Fournisseur de changement de mot de passe"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -596,9 +592,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -691,23 +686,20 @@ msgid "Objectclass for group override objects"
 msgstr "Classe d'objet surchargeant les groupes"
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Base de recherche pour les objets HBAC"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
-msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
-msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -895,11 +887,8 @@ msgid "Enables enterprise principals"
 msgstr "Active les principals d'entreprise"
 
 #: src/config/SSSDConfig/__init__.py.in:272
-#, fuzzy
 msgid "A mapping from user names to Kerberos principal names"
 msgstr ""
-"Une liste de correspondances entre noms d'utilisateurs et noms de principaux "
-"kerberos"
 
 #: src/config/SSSDConfig/__init__.py.in:275
 #: src/config/SSSDConfig/__init__.py.in:276
@@ -1188,9 +1177,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "Attribut listant les systèmes serveurs autorisés"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "Attribut listant les systèmes serveurs autorisés"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1293,9 +1281,8 @@ msgid "The LDAP group external member attribute"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
-msgstr "Niveau de récursion maximum que SSSd doit suivre"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
@@ -1582,6 +1569,14 @@ msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
 msgid "PAM stack to use"
 msgstr "Pile PAM à utiliser"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Devenir un démon (par défaut)"
@@ -1610,23 +1605,23 @@ msgstr "Afficher le numéro de version et quitte"
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Niveau de débogage"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Ajouter l'horodatage au débogage"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Afficher l'horodatage en microsecondes"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr "Envoyer la sortie de débogage directement vers l'erreur standard."
 
@@ -1779,9 +1774,8 @@ msgid "Password: "
 msgstr "Mot de passe : "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Mot de passe actuel : "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2721,9 +2715,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Définir le niveau de débogage à utiliser\n"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
@@ -2963,6 +2956,3 @@ msgstr ""
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr ""
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "Un seul argument est attendu\n"
diff --git a/po/hu.po b/po/hu.po
index 738201d..4472a34 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -10,8 +10,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:45-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:45+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/"
 "hu/)\n"
@@ -20,7 +20,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -1465,6 +1465,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1493,23 +1501,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Időbélyegek a hibakeresési kimenetben"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Mikroszekundum pontosságú időbélyegek"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1655,9 +1663,8 @@ msgid "Password: "
 msgstr "Jelszó: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Jelenlegi jelszó:"
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
diff --git a/po/id.po b/po/id.po
index d8fed31..12cfbd9 100644
--- a/po/id.po
+++ b/po/id.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:46-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:46+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/"
 "id/)\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -412,9 +412,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Penyedia pengubah kata sandi"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -1463,6 +1462,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1491,23 +1498,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1653,9 +1660,8 @@ msgid "Password: "
 msgstr "Kata sandi:"
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Kata sandi saat ini:"
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
diff --git a/po/it.po b/po/it.po
index 35510a3..e2cfd6a 100644
--- a/po/it.po
+++ b/po/it.po
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:46-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:46+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Italian (http://www.transifex.com/projects/p/sssd/language/"
 "it/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -416,9 +416,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Provider di cambio password"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -1474,6 +1473,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Stack PAM da usare"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Esegui come demone (default)"
@@ -1502,23 +1509,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Livello debug"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Includi timestamp di debug"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Un descrittore di file aperto per l'output di debug"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1664,9 +1671,8 @@ msgid "Password: "
 msgstr "Password: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Password corrente: "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2576,9 +2582,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Il livello di debug da utilizzare"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
diff --git a/po/ja.po b/po/ja.po
index 8d078aa..5fd0196 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -9,8 +9,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2016-08-18 08:06-0400\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2016-08-18 08:06+0000\n"
 "Last-Translator: Noriko Mizumoto <noriko@redhat.com>\n"
 "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
 "ja/)\n"
@@ -19,7 +19,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -320,9 +320,8 @@ msgid "The maximum number of secrets that can be stored"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
-msgstr "このレスポンダーににより開かれるファイル記述子の数"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -421,9 +420,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "パスワード変更プロバイダー"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -552,9 +550,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "自動的にクライアントの DNS エントリーを更新するかどうか"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -641,23 +638,20 @@ msgid "Objectclass for group override objects"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "HBAC 関連オブジェクトの検索ベース"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
-msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
-msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -1107,9 +1101,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "認可されたサーバーホストを一覧化する属性"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "認可されたサーバーホストを一覧化する属性"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1208,9 +1201,8 @@ msgid "The LDAP group external member attribute"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
-msgstr "SSSd がしたがう最大入れ子レベル"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
@@ -1487,6 +1479,14 @@ msgstr "可能ならばキャッシュから正規化されたグループ名を
 msgid "PAM stack to use"
 msgstr "使用する PAM スタック"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "デーモンとして実行（デフォルト）"
@@ -1515,23 +1515,23 @@ msgstr "バージョン番号を表示して終了する"
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "デバッグレベル"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "デバッグのタイムスタンプを追加する"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "タイムスタンプをミリ秒単位で表示する"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "デバッグログのオープンファイルディスクリプター"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1677,9 +1677,8 @@ msgid "Password: "
 msgstr "パスワード: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "現在のパスワード: "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2601,9 +2600,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "設定したいデバッグレベルを指定する\n"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
@@ -2843,6 +2841,3 @@ msgstr ""
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr ""
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "引数が一つのみ期待されます\n"
diff --git a/po/nb.po b/po/nb.po
index 5ca71ab..29a8ca2 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:46-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:46+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/"
 "language/nb/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -413,9 +413,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Passordbyttetilbyder"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -1464,6 +1463,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1492,23 +1499,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
diff --git a/po/nl.po b/po/nl.po
index 3c60422..f3217f6 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -13,8 +13,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:47-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:47+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
 "nl/)\n"
@@ -23,7 +23,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -341,11 +341,8 @@ msgid "The maximum number of secrets that can be stored"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
 msgstr ""
-"Het aantal bestand descriptors die door deze beantwoorder geopend mogen "
-"worden"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -444,9 +441,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Wachtwoordwijzigingsaanbieder"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -585,9 +581,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Of de DNS ingang van de cliënt automatisch vernieuwd moet worden"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -680,25 +675,20 @@ msgid "Objectclass for group override objects"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Zoek basis voor HBAC gerelateerde objecten"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
 msgstr ""
-"De tijdsduur in seconden tussen zoekopdrachten in de SELinux mappen voor de "
-"IPA server"
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
-msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -1158,9 +1148,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "Attribuut dat geautoriseerde server hosts toont"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "Attribuut dat geautoriseerde server hosts toont"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1259,9 +1248,8 @@ msgid "The LDAP group external member attribute"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
-msgstr "Maximale nest niveau  dat SSSd zal volgen"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
@@ -1545,6 +1533,14 @@ msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden "
 msgid "PAM stack to use"
 msgstr "PAM-stack die gebruikt wordt"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Start in de achtergrond (standaard)"
@@ -1573,23 +1569,23 @@ msgstr "Print versie nummer en sluit af"
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Debug niveau"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Voeg tijdstempels toe aan debugberichten"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Toon tijdstempel met microseconden"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Een geopend bestand voor de debug logs"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1737,9 +1733,8 @@ msgid "Password: "
 msgstr "Wachtwoord: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Huidig wachtwoord:"
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2666,9 +2661,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Specificeer het debug niveau dat je wilt instellen\n"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
@@ -2908,6 +2902,3 @@ msgstr ""
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr ""
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "Er wordt slechts een argument verwacht\n"
diff --git a/po/pl.po b/po/pl.po
index 9539dd8..634026d 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -8,12 +8,13 @@
 # Piotr Drąg <piotrdrag@gmail.com>, 2015. #zanata
 # Piotr Drąg <piotrdrag@gmail.com>, 2016. #zanata
 # Piotr Drąg <piotrdrag@gmail.com>, 2017. #zanata
+# Piotr Drąg <piotrdrag@gmail.com>, 2018. #zanata
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2017-07-27 08:24-0400\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2018-03-09 11:38+0000\n"
 "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
 "Language-Team: Polish (http://www.transifex.com/projects/p/sssd/language/"
 "pl/)\n"
@@ -23,7 +24,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
 "|| n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -236,9 +237,8 @@ msgstr ""
 "Jaki rodzaj komunikatów wyświetlać użytkownikowi podczas uwierzytelniania"
 
 #: src/config/SSSDConfig/__init__.py.in:95
-#, fuzzy
 msgid "Filter PAM responses sent to the pam_sss"
-msgstr "Filtruje odpowiedzi NSS wysyłane do pam_sss"
+msgstr "Filtruje odpowiedzi PAM wysłane do pam_sss"
 
 #: src/config/SSSDConfig/__init__.py.in:96
 msgid "How many seconds to keep identity information cached for PAM requests"
@@ -271,7 +271,6 @@ msgid "Allow certificate based/Smartcard authentication."
 msgstr "Zezwala na uwierzytelnianie za pomocą certyfikatów/smartcard."
 
 #: src/config/SSSDConfig/__init__.py.in:103
-#, fuzzy
 msgid "Path to certificate database with PKCS#11 modules."
 msgstr "Ścieżka do bazy danych certyfikatów z modułami PKCS#11."
 
@@ -298,6 +297,8 @@ msgid ""
 "Maximum number of rules that can be refreshed at once. If this is exceeded, "
 "full refresh is performed."
 msgstr ""
+"Maksymalna liczba reguł, jaką można odświeżyć jednocześnie. Jeśli zostanie "
+"przekroczona, wykonywane jest pełne odświeżenie."
 
 #: src/config/SSSDConfig/__init__.py.in:116
 msgid "Whether to hash host names and addresses in the known_hosts file"
@@ -347,9 +348,8 @@ msgid "The maximum number of secrets that can be stored"
 msgstr "Maksymalna liczba przechowywanych haseł"
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
-msgstr "Maksymalna liczba przechowywanych haseł"
+msgstr "Maksymalna liczba haseł przechowywanych na UID"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -402,7 +402,6 @@ msgstr ""
 "protokołu HTTPS"
 
 #: src/config/SSSDConfig/__init__.py.in:143
-#, fuzzy
 msgid ""
 "If false peer's certificate may contain different hostname than proxy_url "
 "when https protocol is used"
@@ -459,9 +458,8 @@ msgid "SELinux provider"
 msgstr "Dostawca SELinuksa"
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Dostawca zmiany hasła"
+msgstr "Dostawca zarządzania sesją"
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -601,9 +599,8 @@ msgstr ""
 "uwierzytelniania w pamięci podręcznej"
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Czy automatycznie aktualizować wpis DNS klienta"
+msgstr "Czy automatycznie tworzyć prywatne grupy dla użytkowników"
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -696,23 +693,23 @@ msgid "Objectclass for group override objects"
 msgstr "Klasa obiektów dla obiektów zastępowania grup"
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Podstawa wyszukiwania pod kątem obiektów związanych z HBAC"
+msgstr "Podstawa wyszukiwania pod kątem obiektów związanych z profilem pulpitu"
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
-msgstr "Czas w sekundach między wyszukiwaniami map SELinuksa w serwerze IPA"
+msgstr ""
+"Czas w sekundach między wyszukiwaniami reguł profilu pulpitu w serwerze IPA"
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
-msgstr "Czas między wyszukiwaniami reguł HBAC w serwerze IPA"
+msgstr ""
+"Czas w minutach między wyszukiwaniami reguł profilów pulpitu w serwerze IPA, "
+"kiedy ostatnie żądanie nie odnalazło żadnej reguły"
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -815,7 +812,6 @@ msgstr ""
 "Maksymalny wiek w dniach przed wymaganiem odnowienia hasła konta komputera"
 
 #: src/config/SSSDConfig/__init__.py.in:248
-#, fuzzy
 msgid "Option for tuning the machine account renewal task"
 msgstr "Opcja dostrajania zadania odnawiania konta komputera"
 
@@ -896,7 +892,6 @@ msgid "Enables enterprise principals"
 msgstr "Włącza naczelników enterprise"
 
 #: src/config/SSSDConfig/__init__.py.in:272
-#, fuzzy
 msgid "A mapping from user names to Kerberos principal names"
 msgstr "Mapa nazw użytkowników do nazw naczelników Kerberos"
 
@@ -1183,9 +1178,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych"
+msgstr "Atrybut zawierający listę upoważnionych rhosts serwera"
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1285,7 +1279,6 @@ msgid "The LDAP group external member attribute"
 msgstr "Atrybut zewnętrznego członka grupy LDAP"
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
 msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
 
@@ -1571,6 +1564,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Używany stos PAM"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Uruchamia jako usługa (domyślnie)"
@@ -1599,23 +1600,23 @@ msgstr "Wyświetla numer wersji i kończy działanie"
 msgid "SSSD is already running\n"
 msgstr "Usługa SSSD jest już uruchomiona\n"
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Poziom debugowania"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Dodaje czasy debugowania"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Wyświetlanie dat z mikrosekundami"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Otwiera deskryptor pliku dla dzienników debugowania"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 "Wysyła wyjście debugowania bezpośrednio do standardowego wyjścia błędów."
@@ -1654,7 +1655,7 @@ msgstr "Żąda ujednolicenie nazwy naczelnika"
 
 #: src/providers/krb5/krb5_child.c:3245
 msgid "Use custom version of krb5_get_init_creds_password"
-msgstr ""
+msgstr "Użycie niestandardowej wersji krb5_get_init_creds_password"
 
 #: src/providers/data_provider_be.c:555
 msgid "Domain of the information provider (mandatory)"
@@ -1764,9 +1765,8 @@ msgid "Password: "
 msgstr "Hasło: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Bieżące hasło: "
+msgstr "Pierwszy czynnik (obecne hasło): "
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2518,7 +2518,6 @@ msgid "Unable to create backup directory [%d]: %s"
 msgstr "Nie można utworzyć katalogu kopii zapasowej [%d]: %s"
 
 #: src/tools/sssctl/sssctl_data.c:95
-#, fuzzy
 msgid "SSSD backup of local data already exists, override?"
 msgstr "Kopia zapasowa SSSD lokalnych danych już istnieje, zastąpić?"
 
@@ -2704,9 +2703,8 @@ msgid "Unable to archive log files\n"
 msgstr "Nie można zarchiwizować plików dziennika\n"
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Podaje poziom debugowania do ustawienia\n"
+msgstr "Podaje poziom debugowania do ustawienia"
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
@@ -2827,9 +2825,9 @@ msgid "User name lookup with [%s] failed.\n"
 msgstr "Wyszukanie nazwy użytkownika [%s] się nie powiodło.\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:237
-#, fuzzy, c-format
+#, c-format
 msgid "InfoPipe User lookup with [%s] failed.\n"
-msgstr "InforPipe Wyszukanie użytkownika z [%s] się nie powiodło.\n"
+msgstr "InfoPipe Wyszukanie użytkownika z [%s] się nie powiodło.\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:244
 #, c-format
@@ -2979,6 +2977,3 @@ msgstr "Informuje, że program odpowiadający został aktywowany gniazdem"
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr "Informuje, że program odpowiadający został aktywowany magistralą D-Bus"
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "Oczekiwano tylko jednego parametru\n"
diff --git a/po/pt.po b/po/pt.po
index c5f3692..e01392e 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:47-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:47+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
 "pt/)\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -417,9 +417,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Fornecedor de Alteração de Senha"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -1474,6 +1473,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Stack PAM a utilizar"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Tornar-se num serviço (omissão)"
@@ -1502,23 +1509,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Nível de depuração"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Adicionar tempos na depuração"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Um descritor de ficheiro aberto para os registos de depuração"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1664,9 +1671,8 @@ msgid "Password: "
 msgstr "Senha: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Senha actual: "
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2575,9 +2581,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "O nível de depuração a utilizar durante a execução"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 1b6ad00..7e36a70 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -3,15 +3,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2015-10-27 08:15-0400\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2015-10-27 08:15+0000\n"
 "Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n"
 "Language-Team: Portuguese (Brazil)\n"
-"Language: pt-BR\n"
+"Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
@@ -1457,6 +1457,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1485,23 +1493,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
diff --git a/po/ru.po b/po/ru.po
index 59b4105..abe92df 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -9,8 +9,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2016-02-23 10:04-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2016-02-23 10:04+0000\n"
 "Last-Translator: Oleksii Levan <exlevan@gmail.com>\n"
 "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
 "ru/)\n"
@@ -20,7 +20,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -334,9 +334,8 @@ msgid "The maximum number of secrets that can be stored"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
-msgstr "Количество файловых дескрипторов, которые может открыть этот процесс"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -435,9 +434,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Поставщик операции смены пароля"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -569,9 +567,8 @@ msgid "How long can cached credentials be used for cached authentication"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Если требуется автоматическое обновление записи в"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -1494,6 +1491,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Используемый стек PAM"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Запускаться в качестве службы (по умолчанию)"
@@ -1522,23 +1527,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Уровень отладки"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Добавить отладочные отметки времени"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Открытый дескриптор файла для журналов отладки"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1686,9 +1691,8 @@ msgid "Password: "
 msgstr "Пароль:"
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Текущий пароль:"
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2594,9 +2598,8 @@ msgid "Unable to archive log files\n"
 msgstr ""
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Уровень отладки для запуска"
+msgstr ""
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
diff --git a/po/sssd.pot b/po/sssd.pot
index 473bb8d..85f578f 100644
--- a/po/sssd.pot
+++ b/po/sssd.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1460,6 +1460,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1488,23 +1496,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
diff --git a/po/sv.po b/po/sv.po
index 04ba951..6a42b99 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -4,13 +4,14 @@
 #
 # Translators:
 # Göran Uddeborg <goeran@uddeborg.se>, 2013-2014
+# Göran Uddeborg <goeran@uddeborg.se>, 2018. #zanata
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:48-0500\n"
-"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2018-06-03 04:06+0000\n"
+"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
 "Language-Team: Swedish (http://www.transifex.com/projects/p/sssd/language/"
 "sv/)\n"
 "Language: sv\n"
@@ -18,7 +19,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -39,7 +40,7 @@ msgstr "Skriv felmeddelanden till loggfiler"
 
 #: src/config/SSSDConfig/__init__.py.in:48
 msgid "Watchdog timeout before restarting service"
-msgstr ""
+msgstr "Vakthundstidsgräns före tjänst startas om"
 
 #: src/config/SSSDConfig/__init__.py.in:49
 msgid "Command to start service"
@@ -59,11 +60,11 @@ msgstr "Inaktiv tid före en klient automatiskt kopplas ifrån"
 
 #: src/config/SSSDConfig/__init__.py.in:53
 msgid "Idle time before automatic shutdown of the responder"
-msgstr ""
+msgstr "Inaktiv tid före den svarande automatiskt stängs av"
 
 #: src/config/SSSDConfig/__init__.py.in:54
 msgid "Always query all the caches before querying the Data Providers"
-msgstr ""
+msgstr "Fråga alltid alla cacharna före dataleverantörerna frågas"
 
 #: src/config/SSSDConfig/__init__.py.in:57
 msgid "SSSD Services to start"
@@ -101,27 +102,30 @@ msgstr "Domän att lägga till till namn utan en domändel."
 
 #: src/config/SSSDConfig/__init__.py.in:64
 msgid "The user to drop privileges to"
-msgstr ""
+msgstr "Användaren skall släppa behörigheter till"
 
 #: src/config/SSSDConfig/__init__.py.in:65
 msgid "Tune certificate verification"
-msgstr ""
+msgstr "Trimma certifikatverifikation"
 
 #: src/config/SSSDConfig/__init__.py.in:66
 msgid "All spaces in group or user names will be replaced with this character"
 msgstr ""
+"Alla mellanrum i grupp- eller användarnamn kommer att ersättas med detta "
+"tecken"
 
 #: src/config/SSSDConfig/__init__.py.in:67
 msgid "Tune sssd to honor or ignore netlink state changes"
 msgstr ""
+"Trimma sssd till att beakta eller ignorera ändringar av netlink-tillståndet"
 
 #: src/config/SSSDConfig/__init__.py.in:68
 msgid "Enable or disable the implicit files domain"
-msgstr ""
+msgstr "Aktivera eller avaktivera den implicita fildomänen"
 
 #: src/config/SSSDConfig/__init__.py.in:69
 msgid "A specific order of the domains to be looked up"
-msgstr ""
+msgstr "En specifik ordning på domänerna som skall slås upp"
 
 #: src/config/SSSDConfig/__init__.py.in:72
 msgid "Enumeration cache timeout length (seconds)"
@@ -138,7 +142,7 @@ msgstr "Tidsgränslängd för negativ cache (sekunder)"
 
 #: src/config/SSSDConfig/__init__.py.in:75
 msgid "Files negative cache timeout length (seconds)"
-msgstr ""
+msgstr "Tidsgränslängd för negativ filcache (sekunder)"
 
 #: src/config/SSSDConfig/__init__.py.in:76
 msgid "Users that SSSD should explicitly ignore"
@@ -154,7 +158,7 @@ msgstr "Skall filtrerade användare förekomma i grupper"
 
 #: src/config/SSSDConfig/__init__.py.in:79
 msgid "The value of the password field the NSS provider should return"
-msgstr "Värdet på lösenordfältet som NSS-leverantörer skall returnera"
+msgstr "Värdet på lösenordsfältet som NSS-leverantörer skall returnera"
 
 #: src/config/SSSDConfig/__init__.py.in:80
 msgid "Override homedir value from the identity provider with this value"
@@ -197,7 +201,7 @@ msgstr "Hur länge sparade poster i minnet är giltiga"
 
 #: src/config/SSSDConfig/__init__.py.in:88
 msgid "List of user attributes the NSS responder is allowed to publish"
-msgstr ""
+msgstr "Lista över användarattribut NSS-svaranden får publicera"
 
 #: src/config/SSSDConfig/__init__.py.in:91
 msgid "How long to allow cached logins between online logins (days)"
@@ -218,11 +222,11 @@ msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:94
 msgid "What kind of messages are displayed to the user during authentication"
-msgstr "Vilka slags meddelanden som visas för användaren under autenticering"
+msgstr "Vilka slags meddelanden som visas för användaren under autentisering"
 
 #: src/config/SSSDConfig/__init__.py.in:95
 msgid "Filter PAM responses sent to the pam_sss"
-msgstr ""
+msgstr "Filtrera PAM-svar skickade till pam_sss"
 
 #: src/config/SSSDConfig/__init__.py.in:96
 msgid "How many seconds to keep identity information cached for PAM requests"
@@ -234,35 +238,35 @@ msgstr "Hur många dagar före ett lösenord går ut en varning skall visas"
 
 #: src/config/SSSDConfig/__init__.py.in:98
 msgid "List of trusted uids or user's name"
-msgstr ""
+msgstr "Lista över betrodda uid:n eller användarnamn"
 
 #: src/config/SSSDConfig/__init__.py.in:99
 msgid "List of domains accessible even for untrusted users."
-msgstr ""
+msgstr "Lista över domäner tillgängliga även för ej betrodda användare."
 
 #: src/config/SSSDConfig/__init__.py.in:100
 msgid "Message printed when user account is expired."
-msgstr ""
+msgstr "Meddelande som skrivs när ett användarkonto har gått ut."
 
 #: src/config/SSSDConfig/__init__.py.in:101
 msgid "Message printed when user account is locked."
-msgstr ""
+msgstr "Meddelande som skrivs när ett användarkonto är låst."
 
 #: src/config/SSSDConfig/__init__.py.in:102
 msgid "Allow certificate based/Smartcard authentication."
-msgstr ""
+msgstr "Tillåt certifikatbaserad/smartkortsautentisering."
 
 #: src/config/SSSDConfig/__init__.py.in:103
 msgid "Path to certificate database with PKCS#11 modules."
-msgstr ""
+msgstr "Sökväg till certifikatdatabasen med PKCS#11-moduler."
 
 #: src/config/SSSDConfig/__init__.py.in:104
 msgid "How many seconds will pam_sss wait for p11_child to finish"
-msgstr ""
+msgstr "Hur många sekunder kommer pam_sss vänta på p11_child att avsluta"
 
 #: src/config/SSSDConfig/__init__.py.in:105
 msgid "Which PAM services are permitted to contact application domains"
-msgstr ""
+msgstr "Vilken PAM-tjänster tillåts att kontakta applikationsdomäner"
 
 #: src/config/SSSDConfig/__init__.py.in:108
 msgid "Whether to evaluate the time-based attributes in sudo rules"
@@ -271,12 +275,15 @@ msgstr "Om tidsbaserade attribut i sudo-regler skall beräknas"
 #: src/config/SSSDConfig/__init__.py.in:109
 msgid "If true, SSSD will switch back to lower-wins ordering logic"
 msgstr ""
+"Om sant kommer SSSD byta tillbaka till ordningslogiken att lägre vinner"
 
 #: src/config/SSSDConfig/__init__.py.in:110
 msgid ""
 "Maximum number of rules that can be refreshed at once. If this is exceeded, "
 "full refresh is performed."
 msgstr ""
+"Maximalt antal regler som kan som kan uppdateras samtidigt.  OM detta "
+"överskrids utförs en fullständig uppdatering."
 
 #: src/config/SSSDConfig/__init__.py.in:116
 msgid "Whether to hash host names and addresses in the known_hosts file"
@@ -293,7 +300,7 @@ msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:118
 msgid "Path to storage of trusted CA certificates"
-msgstr ""
+msgstr "Sökväg till lagring av betrodda CA-certifikat"
 
 #: src/config/SSSDConfig/__init__.py.in:121
 msgid "List of UIDs or user names allowed to access the PAC responder"
@@ -301,7 +308,7 @@ msgstr "Lista över UID:er eller användarnamn som tillåts komma åt PAC-svarar
 
 #: src/config/SSSDConfig/__init__.py.in:122
 msgid "How long the PAC data is considered valid"
-msgstr ""
+msgstr "Hur länge PAC-data betraktas som giltiga"
 
 #: src/config/SSSDConfig/__init__.py.in:125
 msgid "List of UIDs or user names allowed to access the InfoPipe responder"
@@ -310,88 +317,99 @@ msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:126
 msgid "List of user attributes the InfoPipe is allowed to publish"
-msgstr "Lista över aänvändarattribut InfoPipe får publicera"
+msgstr "Lista över användarattribut InfoPipe får publicera"
 
 #: src/config/SSSDConfig/__init__.py.in:129
 msgid "The provider where the secrets will be stored in"
-msgstr ""
+msgstr "Leverantören där hemligheter kommer lagras i"
 
 #: src/config/SSSDConfig/__init__.py.in:130
 msgid "The maximum allowed number of nested containers"
-msgstr ""
+msgstr "Det maximala antalet tillåtna nästlade behållare"
 
 #: src/config/SSSDConfig/__init__.py.in:131
 msgid "The maximum number of secrets that can be stored"
-msgstr ""
+msgstr "Det maximala antalet hemligheter som kan lagras"
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
-msgstr "Antalet fildeskriptorer som får öppnas av denna svarare"
+msgstr "Det maximala antalet hemligheter som kan lagras per UID"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
-msgstr ""
+msgstr "Den maximala laststorleken av hemligheter i kilobyte"
 
 #: src/config/SSSDConfig/__init__.py.in:135
 msgid "The URL Custodia server is listening on"
-msgstr ""
+msgstr "URL:en Custodia-servern lyssnar på"
 
 #: src/config/SSSDConfig/__init__.py.in:136
 msgid "The method to use when authenticating to a Custodia server"
-msgstr ""
+msgstr "Metoden att använda vid autentisering mot en Custodia-server"
 
 #: src/config/SSSDConfig/__init__.py.in:137
 msgid ""
 "The name of the headers that will be added into a HTTP request with the "
 "value defined in auth_header_value"
 msgstr ""
+"Namnet på huvudena som kommer läggas till i en HTTP-begäran med värdet "
+"definierat i auth_header_value"
 
 #: src/config/SSSDConfig/__init__.py.in:138
 msgid "The value sssd-secrets would use for auth_header_name"
-msgstr ""
+msgstr "Värdet sssd-hemligheter skulle använda till auth_header_name"
 
 #: src/config/SSSDConfig/__init__.py.in:139
 msgid ""
 "The list of the headers to forward to the Custodia server together with the "
 "request"
 msgstr ""
+"Listan över huvuden att vidarebefordra till Custodia-servern tillsammans med "
+"begäran"
 
 #: src/config/SSSDConfig/__init__.py.in:140
 msgid ""
 "The username to use when authenticating to a Custodia server using basic_auth"
 msgstr ""
+"Användarnamnet att använda vid autentisering mot en Custodia-server med "
+"basic_auth"
 
 #: src/config/SSSDConfig/__init__.py.in:141
 msgid ""
 "The password to use when authenticating to a Custodia server using basic_auth"
 msgstr ""
+"Lösenordet att använda vid autentisering mot en Custodia-server med "
+"basic_auth"
 
 #: src/config/SSSDConfig/__init__.py.in:142
 msgid "If true peer's certificate is verified if proxy_url uses https protocol"
 msgstr ""
+"Om sant verifieras motpartens certifikat om proxy_url använder protokollet "
+"https"
 
 #: src/config/SSSDConfig/__init__.py.in:143
 msgid ""
 "If false peer's certificate may contain different hostname than proxy_url "
 "when https protocol is used"
 msgstr ""
+"Om falskt får motpartens certifikat innehålla ett annat värdnamn än "
+"proxy_url när protokollet https används"
 
 #: src/config/SSSDConfig/__init__.py.in:144
 msgid "Path to directory where certificate authority certificates are stored"
-msgstr ""
+msgstr "Sökväg till katalogen där certifikatutfärdares certifikat lagras"
 
 #: src/config/SSSDConfig/__init__.py.in:145
 msgid "Path to file containing server's CA certificate"
-msgstr ""
+msgstr "Sökväg till filen som innehåller serverns CA-certifikat"
 
 #: src/config/SSSDConfig/__init__.py.in:146
 msgid "Path to file containing client's certificate"
-msgstr ""
+msgstr "Sökväg till filen som innehåller klientens certifikat"
 
 #: src/config/SSSDConfig/__init__.py.in:147
 msgid "Path to file containing client's private key"
-msgstr ""
+msgstr "Sökväg till filen som innehåller klientens privata nyckel"
 
 #: src/config/SSSDConfig/__init__.py.in:150
 msgid "Identity provider"
@@ -419,20 +437,19 @@ msgstr "Autofs-leverantör"
 
 #: src/config/SSSDConfig/__init__.py.in:156
 msgid "Host identity provider"
-msgstr "Värdidentiftetsleverantör"
+msgstr "Värdidentitetsleverantör"
 
 #: src/config/SSSDConfig/__init__.py.in:157
 msgid "SELinux provider"
-msgstr ""
+msgstr "SELinux-leverantör"
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Leverantör av lösenordsändringar"
+msgstr "Sessionshanteringsleverantör"
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
-msgstr ""
+msgstr "Huruvida domänen är användbar av OS:et eller av program"
 
 #: src/config/SSSDConfig/__init__.py.in:162
 msgid "Minimum user ID"
@@ -532,12 +549,12 @@ msgstr "Huruvida verktyget nsupdate skall använda TCP som standard"
 #: src/config/SSSDConfig/__init__.py.in:189
 msgid "What kind of authentication should be used to perform the DNS update"
 msgstr ""
-"Vilken sorts autenticering som skall användas för att utföra DNS-"
+"Vilken sorts autentisering som skall användas för att utföra DNS-"
 "uppdateringen"
 
 #: src/config/SSSDConfig/__init__.py.in:190
 msgid "Override the DNS server used to perform the DNS update"
-msgstr ""
+msgstr "Åsidosätt DNS-servern som används för att utföra DNS-uppdateringen"
 
 #: src/config/SSSDConfig/__init__.py.in:191
 msgid "Control enumeration of trusted domains"
@@ -549,20 +566,19 @@ msgstr "Hur ofta skall listan över underdomäner uppdateras"
 
 #: src/config/SSSDConfig/__init__.py.in:193
 msgid "List of options that should be inherited into a subdomain"
-msgstr ""
+msgstr "Lista över flaggor som skall ärvas in i en underdomän"
 
 #: src/config/SSSDConfig/__init__.py.in:194
 msgid "Default subdomain homedir value"
-msgstr ""
+msgstr "Standard hemkatalogvärde för underdomäner"
 
 #: src/config/SSSDConfig/__init__.py.in:195
 msgid "How long can cached credentials be used for cached authentication"
-msgstr ""
+msgstr "Hur länge cachade kreditiv får användas för cachad autentisering"
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Huruvida klienternas DNS-poster uppdateras automatiskt"
+msgstr "Huruvida privata grupper för användare skall skapas automatiskt"
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -578,7 +594,7 @@ msgstr "Adress till reserv-IPA-server"
 
 #: src/config/SSSDConfig/__init__.py.in:204
 msgid "IPA client hostname"
-msgstr "IPA-klienvärdnamn"
+msgstr "IPA-klientvärdnamn"
 
 #: src/config/SSSDConfig/__init__.py.in:205
 msgid "Whether to automatically update the client's DNS entry in FreeIPA"
@@ -623,51 +639,51 @@ msgstr "Aktivera DNS-sajter - platsbaserad detektering av tjänster"
 
 #: src/config/SSSDConfig/__init__.py.in:216
 msgid "Search base for view containers"
-msgstr ""
+msgstr "Sökbas för vybehållare"
 
 #: src/config/SSSDConfig/__init__.py.in:217
 msgid "Objectclass for view containers"
-msgstr ""
+msgstr "Objektklass för vybehållare"
 
 #: src/config/SSSDConfig/__init__.py.in:218
 msgid "Attribute with the name of the view"
-msgstr ""
+msgstr "Attribut med namnet på vyn"
 
 #: src/config/SSSDConfig/__init__.py.in:219
 msgid "Objectclass for override objects"
-msgstr ""
+msgstr "Objektklass för åsidosättande objekt"
 
 #: src/config/SSSDConfig/__init__.py.in:220
 msgid "Attribute with the reference to the original object"
-msgstr ""
+msgstr "Attribut med referensen till originalobjektet"
 
 #: src/config/SSSDConfig/__init__.py.in:221
 msgid "Objectclass for user override objects"
-msgstr ""
+msgstr "Objektklass för användaråsidosättande objekt"
 
 #: src/config/SSSDConfig/__init__.py.in:222
 msgid "Objectclass for group override objects"
-msgstr ""
+msgstr "Objektklass för gruppåsidosättande objekt"
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Sökbas för HBAC-relaterade objekt"
+msgstr "Sökväg för objekt relaterade till skrivbordsprofiler"
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
 msgstr ""
-"Tiden i sekunder mellan uppslagningar av SELinux-mappningar mot IPA-servern"
+"Tiden i sekunder mellan uppslagningar av skrivbordsprofilsregler mot IPA-"
+"servern"
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
-msgstr "Tidsåtgången mellan uppslagningar av HBAC-reglerna mot IPA-servern"
+msgstr ""
+"Tiden i minuter mellan uppslagningar av skrivbordsprofilsregler mot IPA-"
+"servern när det den senaste förfrågan inte hittade någon regel"
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -675,7 +691,7 @@ msgstr "Active Directory-domän"
 
 #: src/config/SSSDConfig/__init__.py.in:229
 msgid "Enabled Active Directory domains"
-msgstr ""
+msgstr "Aktivera Active Directory-domäner"
 
 #: src/config/SSSDConfig/__init__.py.in:230
 msgid "Active Directory server address"
@@ -687,7 +703,7 @@ msgstr "Adress till Active Directory-reservserver"
 
 #: src/config/SSSDConfig/__init__.py.in:232
 msgid "Active Directory client hostname"
-msgstr "Active Directory-klienvärdnamn"
+msgstr "Active Directory-klientvärdnamn"
 
 #: src/config/SSSDConfig/__init__.py.in:234
 #: src/config/SSSDConfig/__init__.py.in:420
@@ -700,71 +716,83 @@ msgstr "Huruvida den globala katalogen skall användas för uppslagningar"
 
 #: src/config/SSSDConfig/__init__.py.in:236
 msgid "Operation mode for GPO-based access control"
-msgstr "Arbetsläge för GPO-baserad åtkomstkontrol"
+msgstr "Arbetsläge för GPO-baserad åtkomstkontroll"
 
 #: src/config/SSSDConfig/__init__.py.in:237
 msgid ""
 "The amount of time between lookups of the GPO policy files against the AD "
 "server"
-msgstr ""
+msgstr "Tidsåtgången mellan uppslagningar av GPO-policyfiler mot AD-servern"
 
 #: src/config/SSSDConfig/__init__.py.in:238
 msgid ""
 "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
 "settings"
 msgstr ""
+"PAM-tjänstenamn som översätts till GPO-policyinställningen "
+"(Deny)InteractiveLogonRight"
 
 #: src/config/SSSDConfig/__init__.py.in:239
 msgid ""
 "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
 "policy settings"
 msgstr ""
+"PAM-tjänstenamn som översätts till GPO-policyinställningen "
+"(Deny)RemoteInteractiveLogonRight"
 
 #: src/config/SSSDConfig/__init__.py.in:240
 msgid ""
 "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
 msgstr ""
+"PAM-tjänstenamn som översätts till GPO-policyinställningen "
+"(Deny)NetworkLogonRight"
 
 #: src/config/SSSDConfig/__init__.py.in:241
 msgid ""
 "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
 msgstr ""
+"PAM-tjänstenamn som översätts till GPO-policyinställningen "
+"(Deny)BatchLogonRight"
 
 #: src/config/SSSDConfig/__init__.py.in:242
 msgid ""
 "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
 msgstr ""
+"PAM-tjänstenamn som översätts till GPO-policyinställningen "
+"(Deny)ServiceLogonRight"
 
 #: src/config/SSSDConfig/__init__.py.in:243
 msgid "PAM service names for which GPO-based access is always granted"
-msgstr ""
+msgstr "PAM-tjänstenamn för vilka GPO-baserad åtkomst alltid tillåts"
 
 #: src/config/SSSDConfig/__init__.py.in:244
 msgid "PAM service names for which GPO-based access is always denied"
-msgstr ""
+msgstr "PAM-tjänstenamn för vilka GPO-baserad åtkomst alltid nekas"
 
 #: src/config/SSSDConfig/__init__.py.in:245
 msgid ""
 "Default logon right (or permit/deny) to use for unmapped PAM service names"
 msgstr ""
+"Standardinloggningsrättigheter (eller permit/deny) att använda för omappade "
+"PAM-tjänstenamn"
 
 #: src/config/SSSDConfig/__init__.py.in:246
 msgid "a particular site to be used by the client"
-msgstr ""
+msgstr "en viss sajt att användas av klienten"
 
 #: src/config/SSSDConfig/__init__.py.in:247
 msgid ""
 "Maximum age in days before the machine account password should be renewed"
-msgstr ""
+msgstr "Maximal ålder i dagar innan maskinkontots lösenord skall förnyas"
 
 #: src/config/SSSDConfig/__init__.py.in:248
 msgid "Option for tuning the machine account renewal task"
-msgstr ""
+msgstr "Flagga för att trimma maskinkontots förnyelseuppgift"
 
 #: src/config/SSSDConfig/__init__.py.in:251
 #: src/config/SSSDConfig/__init__.py.in:252
 msgid "Kerberos server address"
-msgstr "Adress till server för Kerberos"
+msgstr "Adress till Kerberosserver"
 
 #: src/config/SSSDConfig/__init__.py.in:253
 msgid "Kerberos backup server address"
@@ -784,7 +812,7 @@ msgstr "Huruvida kdcinfo-filer skall skapas"
 
 #: src/config/SSSDConfig/__init__.py.in:257
 msgid "Where to drop krb5 config snippets"
-msgstr ""
+msgstr "Var konfigurationssnuttar för krb5 skall läggas"
 
 #: src/config/SSSDConfig/__init__.py.in:260
 msgid "Directory to store credential caches"
@@ -828,7 +856,7 @@ msgstr "Väljer huvudman att använda för FAST"
 
 #: src/config/SSSDConfig/__init__.py.in:270
 msgid "Enables principal canonicalization"
-msgstr "Aktivera kanonsisk form av huvudman"
+msgstr "Aktivera kanonisk form av huvudman"
 
 #: src/config/SSSDConfig/__init__.py.in:271
 msgid "Enables enterprise principals"
@@ -836,7 +864,7 @@ msgstr "Aktiverar företagshuvudmän"
 
 #: src/config/SSSDConfig/__init__.py.in:272
 msgid "A mapping from user names to Kerberos principal names"
-msgstr ""
+msgstr "En översättning från användarnamn till Kerberos huvudmansnamn"
 
 #: src/config/SSSDConfig/__init__.py.in:275
 #: src/config/SSSDConfig/__init__.py.in:276
@@ -865,11 +893,11 @@ msgstr "Standard bindnings-DN"
 
 #: src/config/SSSDConfig/__init__.py.in:284
 msgid "The type of the authentication token of the default bind DN"
-msgstr "Typen på autenticerings-token för standard bindnings-DN"
+msgstr "Typen på autentiserings-token för standard bindnings-DN"
 
 #: src/config/SSSDConfig/__init__.py.in:285
 msgid "The authentication token of the default bind DN"
-msgstr "Autenticerings-token för standard bindnings-DN"
+msgstr "Autentiserings-token för standard bindnings-DN"
 
 #: src/config/SSSDConfig/__init__.py.in:286
 msgid "Length of time to attempt connection"
@@ -933,7 +961,7 @@ msgstr "Kerberostjänstens nyckeltabell"
 
 #: src/config/SSSDConfig/__init__.py.in:301
 msgid "Use Kerberos auth for LDAP connection"
-msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
+msgstr "Använd Kerberosautentisering för LDAP-anslutningaä"
 
 #: src/config/SSSDConfig/__init__.py.in:302
 msgid "Follow LDAP referrals"
@@ -1055,7 +1083,7 @@ msgstr "Skalattribut"
 
 #: src/config/SSSDConfig/__init__.py.in:336
 msgid "UUID attribute"
-msgstr ""
+msgstr "UUID-attribut"
 
 #: src/config/SSSDConfig/__init__.py.in:337
 #: src/config/SSSDConfig/__init__.py.in:379
@@ -1119,9 +1147,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "Attribut för listning av auktoriserade servervärdar"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "Attribut för listning av auktoriserade servervärdar"
+msgstr "Attribut för listning av auktoriserade server-rhosts"
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1165,15 +1192,15 @@ msgstr "Attribut för publik SSH-nyckel"
 
 #: src/config/SSSDConfig/__init__.py.in:364
 msgid "attribute listing allowed authentication types for a user"
-msgstr ""
+msgstr "attribut för listning av tillåtna autentiseringstyper för en användare"
 
 #: src/config/SSSDConfig/__init__.py.in:365
 msgid "attribute containing the X509 certificate of the user"
-msgstr ""
+msgstr "attribut som innehåller användarens X509-certifikat"
 
 #: src/config/SSSDConfig/__init__.py.in:366
 msgid "attribute containing the email address of the user"
-msgstr ""
+msgstr "attribut som innehåller e-postadresser till användaren"
 
 #: src/config/SSSDConfig/__init__.py.in:368
 msgid "A list of extra attributes to download along with the user entry"
@@ -1205,7 +1232,7 @@ msgstr "Gruppmedlemsattribut"
 
 #: src/config/SSSDConfig/__init__.py.in:378
 msgid "Group UUID attribute"
-msgstr ""
+msgstr "Grupp-UUID-attribut"
 
 #: src/config/SSSDConfig/__init__.py.in:380
 msgid "Modification time attribute for groups"
@@ -1217,12 +1244,11 @@ msgstr "Typen av grupp och andra flaggor"
 
 #: src/config/SSSDConfig/__init__.py.in:382
 msgid "The LDAP group external member attribute"
-msgstr ""
+msgstr "LDAP-gruppens externa medlemsattribut"
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
-msgstr "Maximal nästningsnivå SSSd kommer följa"
+msgstr "Maximal nästningsnivå SSSD kommer följa"
 
 #: src/config/SSSDConfig/__init__.py.in:386
 msgid "Base DN for netgroup lookups"
@@ -1294,7 +1320,7 @@ msgstr "Standarddomänens SID för ID-mappning"
 
 #: src/config/SSSDConfig/__init__.py.in:406
 msgid "Number of secondary slices"
-msgstr ""
+msgstr "Antal sekundära skivor"
 
 #: src/config/SSSDConfig/__init__.py.in:408
 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
@@ -1318,11 +1344,11 @@ msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern"
 
 #: src/config/SSSDConfig/__init__.py.in:413
 msgid "DN for ppolicy queries"
-msgstr ""
+msgstr "DN för ppolicy-frågor"
 
 #: src/config/SSSDConfig/__init__.py.in:414
 msgid "How many maximum entries to fetch during a wildcard request"
-msgstr ""
+msgstr "Hur många poster att maximalt hämta i en joker-begäran"
 
 #: src/config/SSSDConfig/__init__.py.in:417
 msgid "Policy to evaluate the password expiration"
@@ -1425,7 +1451,7 @@ msgstr "Attribut för sudo-regelflaggor"
 
 #: src/config/SSSDConfig/__init__.py.in:445
 msgid "Sudo rule runas attribute"
-msgstr ""
+msgstr "Sudo-regel-runas-attribut"
 
 #: src/config/SSSDConfig/__init__.py.in:446
 msgid "Sudo rule runasuser attribute"
@@ -1449,19 +1475,19 @@ msgstr "Attribut för sudo-order-regler"
 
 #: src/config/SSSDConfig/__init__.py.in:453
 msgid "Object class for automounter maps"
-msgstr "Objektklass för automatmonteraravbildningar"
+msgstr "Objektklass för avbildningar för automatmonterare"
 
 #: src/config/SSSDConfig/__init__.py.in:454
 msgid "Automounter map name attribute"
-msgstr "Attribut för automatmonteraravbildningsnamn"
+msgstr "Attribut för namn i avbildningar för automatmonterare"
 
 #: src/config/SSSDConfig/__init__.py.in:455
 msgid "Object class for automounter map entries"
-msgstr "Objektklass för poster i automatmonteraravbildningar"
+msgstr "Objektklass för poster i avbildningar för automatmonterare"
 
 #: src/config/SSSDConfig/__init__.py.in:456
 msgid "Automounter map entry key attribute"
-msgstr "Attribut för postnycklar i automatmonteraravbildningar"
+msgstr "Attribut för postnycklar i avbildningar för automatmonterare"
 
 #: src/config/SSSDConfig/__init__.py.in:457
 msgid "Automounter map entry value attribute"
@@ -1469,7 +1495,7 @@ msgstr "Attribut på postvärde i avbildning för automatmonteraren"
 
 #: src/config/SSSDConfig/__init__.py.in:458
 msgid "Base DN for automounter map lookups"
-msgstr "Bas-DN för uppslagningar i automatmonteraravbildningar"
+msgstr "Bas-DN för uppslagningar i avbildningar för automatmonterare"
 
 #: src/config/SSSDConfig/__init__.py.in:461
 msgid "Comma separated list of allowed users"
@@ -1489,7 +1515,7 @@ msgstr "Bas för hemkataloger"
 
 #: src/config/SSSDConfig/__init__.py.in:469
 msgid "The number of preforked proxy children."
-msgstr ""
+msgstr "Antal ombudsbarn före grening"
 
 #: src/config/SSSDConfig/__init__.py.in:472
 msgid "The name of the NSS library to use"
@@ -1503,6 +1529,14 @@ msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt"
 msgid "PAM stack to use"
 msgstr "PAM-stack att använda"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Bli en demon (standard)"
@@ -1513,7 +1547,7 @@ msgstr "Kör interaktivt (inte en demon)"
 
 #: src/monitor/monitor.c:2454
 msgid "Disable netlink interface"
-msgstr ""
+msgstr "Avaktivera netlink-gränssnittet"
 
 #: src/monitor/monitor.c:2456 src/tools/sssctl/sssctl_logs.c:311
 msgid "Specify a non-default config file"
@@ -1521,7 +1555,7 @@ msgstr "Ange en konfigurationsfil annan än standard"
 
 #: src/monitor/monitor.c:2458
 msgid "Refresh the configuration database, then exit"
-msgstr ""
+msgstr "Uppdatera konfigurationsdatabasen, avsluta sedan"
 
 #: src/monitor/monitor.c:2461
 msgid "Print version number and exit"
@@ -1529,63 +1563,63 @@ msgstr "Skriv ut versionsnumret och avsluta"
 
 #: src/monitor/monitor.c:2627
 msgid "SSSD is already running\n"
-msgstr ""
+msgstr "SSSD kör redan\n"
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Felsökningsnivå"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Lägg till felsökningstidstämplar"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Visa tidsstämplar med mikrosekunder"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Ett öppet filhandtag för felsökningsloggarna"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
-msgstr ""
+msgstr "Skicka felsökningsutdata direkt till standard fel."
 
 #: src/providers/krb5/krb5_child.c:3228
 msgid "The user to create FAST ccache as"
-msgstr ""
+msgstr "Användaren att skapa en FAST-ccache som"
 
 #: src/providers/krb5/krb5_child.c:3230
 msgid "The group to create FAST ccache as"
-msgstr ""
+msgstr "Gruppen att skapa en FAST-ccache som"
 
 #: src/providers/krb5/krb5_child.c:3232
 msgid "Kerberos realm to use"
-msgstr ""
+msgstr "Kerberosrike att använda"
 
 #: src/providers/krb5/krb5_child.c:3234
 msgid "Requested lifetime of the ticket"
-msgstr ""
+msgstr "Begärd livslängd på biljetten"
 
 #: src/providers/krb5/krb5_child.c:3236
 msgid "Requested renewable lifetime of the ticket"
-msgstr ""
+msgstr "Begärd förnybar livslängd på biljetten"
 
 #: src/providers/krb5/krb5_child.c:3238
 msgid "FAST options ('never', 'try', 'demand')"
-msgstr ""
+msgstr "FAST-flaggor (”never”, ”try”, ”demand”)"
 
 #: src/providers/krb5/krb5_child.c:3241
 msgid "Specifies the server principal to use for FAST"
-msgstr ""
+msgstr "Anger serverhuvudmannen att använda för FAST"
 
 #: src/providers/krb5/krb5_child.c:3243
 msgid "Requests canonicalization of the principal name"
-msgstr ""
+msgstr "Begär kanonisering av huvudmannanamnet"
 
 #: src/providers/krb5/krb5_child.c:3245
 msgid "Use custom version of krb5_get_init_creds_password"
-msgstr ""
+msgstr "Använd en anpassad version av krb5_get_init_creds_password"
 
 #: src/providers/data_provider_be.c:555
 msgid "Domain of the information provider (mandatory)"
@@ -1593,7 +1627,7 @@ msgstr "Domän för informationsleverantören (obligatoriskt)"
 
 #: src/sss_client/common.c:1066
 msgid "Privileged socket has wrong ownership or permissions."
-msgstr "Priviligierat uttag (socket) har fel ägarskap eller rättigheter."
+msgstr "Privilegierat uttag (socket) har fel ägarskap eller rättigheter."
 
 #: src/sss_client/common.c:1069
 msgid "Public socket has wrong ownership or permissions."
@@ -1617,7 +1651,7 @@ msgstr "Oväntat fel vid sökning efter ett felmeddelande"
 
 #: src/sss_client/pam_sss.c:76
 msgid "Permission denied. "
-msgstr ""
+msgstr "Åtkomst nekas. "
 
 #: src/sss_client/pam_sss.c:77 src/sss_client/pam_sss.c:782
 #: src/sss_client/pam_sss.c:793
@@ -1680,24 +1714,23 @@ msgstr "Skriv det nya lösenordet igen: "
 
 #: src/sss_client/pam_sss.c:2039 src/sss_client/pam_sss.c:2042
 msgid "First Factor: "
-msgstr ""
+msgstr "Första faktorn: "
 
 #: src/sss_client/pam_sss.c:2040 src/sss_client/pam_sss.c:2202
 msgid "Second Factor (optional): "
-msgstr ""
+msgstr "Andra faktorn (frivillig): "
 
 #: src/sss_client/pam_sss.c:2043 src/sss_client/pam_sss.c:2205
 msgid "Second Factor: "
-msgstr ""
+msgstr "Andra faktorn: "
 
 #: src/sss_client/pam_sss.c:2058
 msgid "Password: "
 msgstr "Lösenord: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Nuvarande lösenord: "
+msgstr "Första faktorn (nuvarande lösenord): "
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -1958,12 +1991,12 @@ msgid ""
 "Cannot find group in local domain, modifying groups is allowed only in local "
 "domain\n"
 msgstr ""
-"Ken inte hitta gruppen i den lokala domänen, att ändra grupper är endast "
+"Kan inte hitta gruppen i den lokala domänen, att ändra grupper är endast "
 "tillåtet i den lokala domänen\n"
 
 #: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
 msgid "Member groups must be in the same domain as parent group\n"
-msgstr "Medlemsgrupper måster ligga i samma domän som föräldragrupper\n"
+msgstr "Medlemsgrupper måste ligga i samma domän som föräldragrupper\n"
 
 #: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
 #: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
@@ -2061,7 +2094,7 @@ msgstr "Framtvinga borttagning av filer som inte ägs av användaren"
 
 #: src/tools/sss_userdel.c:142
 msgid "Kill users' processes before removing him"
-msgstr "Döda anvädares processer före de tas bort"
+msgstr "Döda användares processer före de tas bort"
 
 #: src/tools/sss_userdel.c:188
 msgid "Specify user to delete\n"
@@ -2150,7 +2183,7 @@ msgid ""
 "multi-valued attributes, the command replaces the values already present"
 msgstr ""
 "Sätt ett attribut till ett namn/värde-par.  Formatet är attrnamn=värde.  För "
-"flervärda attribut ersätter kommandot de värden som redan finns."
+"flervärda attribut ersätter kommandot de värden som redan finns"
 
 #: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
 #: src/tools/sss_usermod.c:135
@@ -2190,16 +2223,16 @@ msgstr "Inga cache-objekt matchade den angivna sökningen\n"
 #: src/tools/sss_cache.c:502
 #, c-format
 msgid "Couldn't invalidate %1$s\n"
-msgstr ""
+msgstr "Kunde inte invalidera %1$s\n"
 
 #: src/tools/sss_cache.c:509
 #, c-format
 msgid "Couldn't invalidate %1$s %2$s\n"
-msgstr ""
+msgstr "Kunde inte invalidera %1$s %2$s\n"
 
 #: src/tools/sss_cache.c:672
 msgid "Invalidate all cached entries"
-msgstr ""
+msgstr "Invalidera alla cachade poster"
 
 #: src/tools/sss_cache.c:674
 msgid "Invalidate particular user"
@@ -2243,19 +2276,19 @@ msgstr "Invalidera alla autofs-mappar"
 
 #: src/tools/sss_cache.c:697
 msgid "Invalidate particular SSH host"
-msgstr ""
+msgstr "Invalidera en viss SSH-värd"
 
 #: src/tools/sss_cache.c:699
 msgid "Invalidate all SSH hosts"
-msgstr ""
+msgstr "Invalidera alla SSH-värdar"
 
 #: src/tools/sss_cache.c:703
 msgid "Invalidate particular sudo rule"
-msgstr ""
+msgstr "Invalidera en viss sudo-regel"
 
 #: src/tools/sss_cache.c:705
 msgid "Invalidate all cached sudo rules"
-msgstr ""
+msgstr "Invalidera alla cachade sudo-regler"
 
 #: src/tools/sss_cache.c:708
 msgid "Only invalidate entries from a particular domain"
@@ -2266,6 +2299,8 @@ msgid ""
 "Unexpected argument(s) provided, options that invalidate a single object "
 "only accept a single provided argument.\n"
 msgstr ""
+"Oväntat argument angivet, flaggor som invaliderar ett ensamt objekt tar bara "
+"ett ensamt angivet argument.\n"
 
 #: src/tools/sss_cache.c:772
 msgid "Please select at least one object to invalidate\n"
@@ -2302,106 +2337,106 @@ msgstr "%1$s måste köras som root\n"
 
 #: src/tools/sssctl/sssctl.c:35
 msgid "yes"
-msgstr ""
+msgstr "ja"
 
 #: src/tools/sssctl/sssctl.c:37
 msgid "no"
-msgstr ""
+msgstr "nej"
 
 #: src/tools/sssctl/sssctl.c:39
 msgid "error"
-msgstr ""
+msgstr "fel"
 
 #: src/tools/sssctl/sssctl.c:42
 msgid "Invalid result."
-msgstr ""
+msgstr "Felaktigt resultat."
 
 #: src/tools/sssctl/sssctl.c:78
 #, c-format
 msgid "Unable to read user input\n"
-msgstr ""
+msgstr "Kan inte läsa användarens indata\n"
 
 #: src/tools/sssctl/sssctl.c:91
 #, c-format
 msgid "Invalid input, please provide either '%s' or '%s'.\n"
-msgstr ""
+msgstr "Felaktig indata, ange antingen ”%s” eller ”%s”.\n"
 
 #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
 #, c-format
 msgid "Error while executing external command\n"
-msgstr ""
+msgstr "Fel när externt kommando kördes\n"
 
 #: src/tools/sssctl/sssctl.c:156
 msgid "SSSD needs to be running. Start SSSD now?"
-msgstr ""
+msgstr "SSSD behöver köras.  Starta SSSD nu?"
 
 #: src/tools/sssctl/sssctl.c:195
 msgid "SSSD must not be running. Stop SSSD now?"
-msgstr ""
+msgstr "SSSD får inte köra.  Stoppa SSSD nu?"
 
 #: src/tools/sssctl/sssctl.c:231
 msgid "SSSD needs to be restarted. Restart SSSD now?"
-msgstr ""
+msgstr "SSSD behöver startas om.  Starta om SSSD nu?"
 
 #: src/tools/sssctl/sssctl_cache.c:31
 #, c-format
 msgid " %s is not present in cache.\n"
-msgstr ""
+msgstr " %s finns inte i cachen.\n"
 
 #: src/tools/sssctl/sssctl_cache.c:33
 msgid "Name"
-msgstr ""
+msgstr "Namn"
 
 #: src/tools/sssctl/sssctl_cache.c:34
 msgid "Cache entry creation date"
-msgstr ""
+msgstr "Datum då cache-posten skapades"
 
 #: src/tools/sssctl/sssctl_cache.c:35
 msgid "Cache entry last update time"
-msgstr ""
+msgstr "Tidpunkt då cache-posten senast uppdaterades"
 
 #: src/tools/sssctl/sssctl_cache.c:36
 msgid "Cache entry expiration time"
-msgstr ""
+msgstr "Tidpunkt då cache-posten går ut"
 
 #: src/tools/sssctl/sssctl_cache.c:37
 msgid "Cached in InfoPipe"
-msgstr ""
+msgstr "Cachad i InfoPipe"
 
 #: src/tools/sssctl/sssctl_cache.c:512
 #, c-format
 msgid "Error: Unable to get object [%d]: %s\n"
-msgstr ""
+msgstr "Fel: kan inte hämta objektet [%d]: %s\n"
 
 #: src/tools/sssctl/sssctl_cache.c:528
 #, c-format
 msgid "%s: Unable to read value [%d]: %s\n"
-msgstr ""
+msgstr "%s: Kan inte läsa värdet [%d]: %s\n"
 
 #: src/tools/sssctl/sssctl_cache.c:556
 msgid "Specify name."
-msgstr ""
+msgstr "Ange namn."
 
 #: src/tools/sssctl/sssctl_cache.c:566
 #, c-format
 msgid "Unable to parse name %s.\n"
-msgstr ""
+msgstr "Kan inte tolka namnet %s.\n"
 
 #: src/tools/sssctl/sssctl_cache.c:592 src/tools/sssctl/sssctl_cache.c:639
 msgid "Search by SID"
-msgstr ""
+msgstr "Sök via SID"
 
 #: src/tools/sssctl/sssctl_cache.c:593
 msgid "Search by user ID"
-msgstr ""
+msgstr "Sök via användar-ID"
 
 #: src/tools/sssctl/sssctl_cache.c:602
 msgid "Initgroups expiration time"
-msgstr ""
+msgstr "Init-gruppers utgångstid"
 
 #: src/tools/sssctl/sssctl_cache.c:640
 msgid "Search by group ID"
-msgstr ""
+msgstr "Sök via grupp-ID"
 
 #: src/tools/sssctl/sssctl_config.c:67
 #, c-format
@@ -2409,172 +2444,177 @@ msgid ""
 "File %1$s does not exist. SSSD will use default configuration with files "
 "provider.\n"
 msgstr ""
+"Filen %1$s finns inte.  SSSD kommer använda standardkonfigurationen med "
+"filleverantörer.\n"
 
 #: src/tools/sssctl/sssctl_config.c:81
 #, c-format
 msgid ""
 "File ownership and permissions check failed. Expected root:root and 0600.\n"
 msgstr ""
+"Kontrollen av filens ägarskap och rättigheter misslyckades.  root:root och "
+"0600 förväntades.\n"
 
 #: src/tools/sssctl/sssctl_config.c:104
 #, c-format
 msgid "Issues identified by validators: %zu\n"
-msgstr ""
+msgstr "Problem identifierade av validerare: %zu\n"
 
 #: src/tools/sssctl/sssctl_config.c:114
 #, c-format
 msgid "Messages generated during configuration merging: %zu\n"
-msgstr ""
+msgstr "Meddelanden genererade under sammanslagning av konfigurationen: %zu\n"
 
 #: src/tools/sssctl/sssctl_config.c:127
 #, c-format
 msgid "Used configuration snippet files: %u\n"
-msgstr ""
+msgstr "Använda konfigurationssnuttfiler: %u\n"
 
 #: src/tools/sssctl/sssctl_data.c:89
 #, c-format
 msgid "Unable to create backup directory [%d]: %s"
-msgstr ""
+msgstr "Kan inte skapa en katalog för säkerhetskopia [%d]: %s"
 
 #: src/tools/sssctl/sssctl_data.c:95
 msgid "SSSD backup of local data already exists, override?"
-msgstr ""
+msgstr "En SSSD-säkerhetskopia av lokala data finns redan, åsidosätt?"
 
 #: src/tools/sssctl/sssctl_data.c:111
 #, c-format
 msgid "Unable to export user overrides\n"
-msgstr ""
+msgstr "Kan inte exportera användaråsidosättanden\n"
 
 #: src/tools/sssctl/sssctl_data.c:118
 #, c-format
 msgid "Unable to export group overrides\n"
-msgstr ""
+msgstr "Kan inte exportera gruppåsidosättanden\n"
 
 #: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
 msgid "Override existing backup"
-msgstr ""
+msgstr "Åsidosätt befintlig säkerhetskopia"
 
 #: src/tools/sssctl/sssctl_data.c:164
 #, c-format
 msgid "Unable to import user overrides\n"
-msgstr ""
+msgstr "Kan inte importera användaråsidosättanden\n"
 
 #: src/tools/sssctl/sssctl_data.c:173
 #, c-format
 msgid "Unable to import group overrides\n"
-msgstr ""
+msgstr "Kan inte importera gruppåsidosättanden\n"
 
 #: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:74
 #: src/tools/sssctl/sssctl_domains.c:339
 msgid "Start SSSD if it is not running"
-msgstr ""
+msgstr "Starta SSSD om den inte kör"
 
 #: src/tools/sssctl/sssctl_data.c:195
 msgid "Restart SSSD after data import"
-msgstr ""
+msgstr "Starta om SSSD efter import av data"
 
 #: src/tools/sssctl/sssctl_data.c:218
 msgid "Create clean cache files and import local data"
-msgstr ""
+msgstr "Skapa rena cachefiler och importera lokala data"
 
 #: src/tools/sssctl/sssctl_data.c:219
 msgid "Stop SSSD before removing the cache"
-msgstr ""
+msgstr "Stoppa SSSD före cachen tas bort"
 
 #: src/tools/sssctl/sssctl_data.c:220
 msgid "Start SSSD when the cache is removed"
-msgstr ""
+msgstr "Starta SSSD när cachen är borttagen"
 
 #: src/tools/sssctl/sssctl_data.c:235
 #, c-format
 msgid "Creating backup of local data...\n"
-msgstr ""
+msgstr "Skapa säkerhetskopia av lokala data …\n"
 
 #: src/tools/sssctl/sssctl_data.c:238
 #, c-format
 msgid "Unable to create backup of local data, can not remove the cache.\n"
 msgstr ""
+"Kan inte skapa säkerhetskopia av lokala data, kan inte ta bort cachen.\n"
 
 #: src/tools/sssctl/sssctl_data.c:243
 #, c-format
 msgid "Removing cache files...\n"
-msgstr ""
+msgstr "Tar bort cache-filer …\n"
 
 #: src/tools/sssctl/sssctl_data.c:246
 #, c-format
 msgid "Unable to remove cache files\n"
-msgstr ""
+msgstr "Kan inte ta bort cache-filer\n"
 
 #: src/tools/sssctl/sssctl_data.c:251
 #, c-format
 msgid "Restoring local data...\n"
-msgstr ""
+msgstr "Återställer lokala data …\n"
 
 #: src/tools/sssctl/sssctl_domains.c:75
 msgid "Show domain list including primary or trusted domain type"
-msgstr ""
+msgstr "Visa domänlistan inklusive primär eller betrodd domäntyp"
 
 #: src/tools/sssctl/sssctl_domains.c:156
 #, c-format
 msgid "Online status: %s\n"
-msgstr ""
+msgstr "Uppkopplingsstatus: %s\n"
 
 #: src/tools/sssctl/sssctl_domains.c:156
 msgid "Online"
-msgstr ""
+msgstr "Uppkopplad"
 
 #: src/tools/sssctl/sssctl_domains.c:156
 msgid "Offline"
-msgstr ""
+msgstr "Frånkopplad"
 
 #: src/tools/sssctl/sssctl_domains.c:214
 #, c-format
 msgid "Active servers:\n"
-msgstr ""
+msgstr "Aktiva servrar:\n"
 
 #: src/tools/sssctl/sssctl_domains.c:231
 msgid "not connected"
-msgstr ""
+msgstr "inte ansluten"
 
 #: src/tools/sssctl/sssctl_domains.c:278
 #, c-format
 msgid "Discovered %s servers:\n"
-msgstr ""
+msgstr "Upptäckte %s servrar:\n"
 
 #: src/tools/sssctl/sssctl_domains.c:296
 msgid "None so far.\n"
-msgstr ""
+msgstr "Ingen än så länge.\n"
 
 #: src/tools/sssctl/sssctl_domains.c:336
 msgid "Show online status"
-msgstr ""
+msgstr "Visa uppkopplingsstatus"
 
 #: src/tools/sssctl/sssctl_domains.c:337
 msgid "Show information about active server"
-msgstr ""
+msgstr "Visa information om aktiv server"
 
 #: src/tools/sssctl/sssctl_domains.c:338
 msgid "Show list of discovered servers"
-msgstr ""
+msgstr "Visa lista över upptäckta servrar"
 
 #: src/tools/sssctl/sssctl_domains.c:344
 msgid "Specify domain name."
-msgstr ""
+msgstr "Ange domännamn."
 
 #: src/tools/sssctl/sssctl_domains.c:360
 #, c-format
 msgid "Out of memory!\n"
-msgstr ""
+msgstr "Slut på minne!\n"
 
 #: src/tools/sssctl/sssctl_domains.c:377 src/tools/sssctl/sssctl_domains.c:387
 #, c-format
 msgid "Unable to get online status\n"
-msgstr ""
+msgstr "Kan inte ta reda på uppkopplingsstatus\n"
 
 #: src/tools/sssctl/sssctl_domains.c:397
 #, c-format
 msgid "Unable to get server list\n"
-msgstr ""
+msgstr "Kan inte ta reda på serverlistan\n"
 
 #: src/tools/sssctl/sssctl_logs.c:47
 msgid "\n"
@@ -2582,123 +2622,124 @@ msgstr "\n"
 
 #: src/tools/sssctl/sssctl_logs.c:237
 msgid "Delete log files instead of truncating"
-msgstr ""
+msgstr "Radera loggfiler istället för att hugga av"
 
 #: src/tools/sssctl/sssctl_logs.c:248
 #, c-format
 msgid "Deleting log files...\n"
-msgstr ""
+msgstr "Raderar loggfiler …\n"
 
 #: src/tools/sssctl/sssctl_logs.c:251
 #, c-format
 msgid "Unable to remove log files\n"
-msgstr ""
+msgstr "Kan inte ta bort loggfiler\n"
 
 #: src/tools/sssctl/sssctl_logs.c:257
 #, c-format
 msgid "Truncating log files...\n"
-msgstr ""
+msgstr "Hugger av loggfiler …\n"
 
 #: src/tools/sssctl/sssctl_logs.c:260
 #, c-format
 msgid "Unable to truncate log files\n"
-msgstr ""
+msgstr "Kan inte hugga av loggfiler\n"
 
 #: src/tools/sssctl/sssctl_logs.c:286
 #, c-format
 msgid "Out of memory!"
-msgstr ""
+msgstr "Slut på minne!"
 
 #: src/tools/sssctl/sssctl_logs.c:289
 #, c-format
 msgid "Archiving log files into %s...\n"
-msgstr ""
+msgstr "Arkiverar loggfiler in i %s …\n"
 
 #: src/tools/sssctl/sssctl_logs.c:292
 #, c-format
 msgid "Unable to archive log files\n"
-msgstr ""
+msgstr "Kan inte arkivera loggfiler\n"
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Ange felsökningsnivån du vill ställa in\n"
+msgstr "Ange felsökningsnivå du vill sätta"
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
 "Check that SSSD is running and the InfoPipe responder is enabled. Make sure "
 "'ifp' is listed in the 'services' option in sssd.conf.\n"
 msgstr ""
+"Kontrollera att SSSD kör och InfoPipe-respondenten är aktiverad.  Se till "
+"att ”ifp” listas i flaggan ”services” i sssd.conf.\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:91
 #, c-format
 msgid "Unable to connect to the InfoPipe"
-msgstr ""
+msgstr "Kan inte ansluta till InfoPipe"
 
 #: src/tools/sssctl/sssctl_user_checks.c:97
 #, c-format
 msgid "Unable to get user object"
-msgstr ""
+msgstr "Kan inte att användarobjektet"
 
 #: src/tools/sssctl/sssctl_user_checks.c:101
 #, c-format
 msgid "SSSD InfoPipe user lookup result:\n"
-msgstr ""
+msgstr "Resultat av SSSD InfoPipe-användaruppslagning:\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:113
 #, c-format
 msgid "Unable to get user name attr"
-msgstr ""
+msgstr "Kan inte hämta användarnamnsattribut"
 
 #: src/tools/sssctl/sssctl_user_checks.c:146
 #, c-format
 msgid "dlopen failed with [%s].\n"
-msgstr ""
+msgstr "dlopen misslyckades med [%s].\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:153
 #, c-format
 msgid "dlsym failed with [%s].\n"
-msgstr ""
+msgstr "dlsym misslyckades med [%s].\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:161
 #, c-format
 msgid "malloc failed.\n"
-msgstr ""
+msgstr "malloc misslyckades.\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:168
 #, c-format
 msgid "sss_getpwnam_r failed with [%d].\n"
-msgstr ""
+msgstr "sss_getpwnam_r misslyckades med [%d].\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:173
 #, c-format
 msgid "SSSD nss user lookup result:\n"
-msgstr ""
+msgstr "Resultat av SSSD nss-användaruppslagning:\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:174
 #, c-format
 msgid " - user name: %s\n"
-msgstr ""
+msgstr " - användarnamn: %s\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:175
 #, c-format
 msgid " - user id: %d\n"
-msgstr ""
+msgstr " - användar-id: %d\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:176
 #, c-format
 msgid " - group id: %d\n"
-msgstr ""
+msgstr " - grupp-id: %d\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:177
 #, c-format
 msgid " - gecos: %s\n"
-msgstr ""
+msgstr " - gecos: %s\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:178
 #, c-format
 msgid " - home directory: %s\n"
-msgstr ""
+msgstr " - hemkatalog: %s\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:179
 #, c-format
@@ -2706,18 +2747,20 @@ msgid ""
 " - shell: %s\n"
 "\n"
 msgstr ""
+" - skal: %s\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:211
 msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
-msgstr ""
+msgstr "PAM-åtgärd [auth|acct|setc|chau|open|clos], standard: "
 
 #: src/tools/sssctl/sssctl_user_checks.c:214
 msgid "PAM service, default: "
-msgstr ""
+msgstr "PAM-tjänst, standard: "
 
 #: src/tools/sssctl/sssctl_user_checks.c:219
 msgid "Specify user name."
-msgstr ""
+msgstr "Ange användarnamn."
 
 #: src/tools/sssctl/sssctl_user_checks.c:226
 #, c-format
@@ -2727,21 +2770,25 @@ msgid ""
 "service: %s\n"
 "\n"
 msgstr ""
+"användare: %s\n"
+"åtgärd: %s\n"
+"tjänst: %s\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:232
 #, c-format
 msgid "User name lookup with [%s] failed.\n"
-msgstr ""
+msgstr "Användarnamnsuppslagning med [%s] misslyckades.\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:237
 #, c-format
 msgid "InfoPipe User lookup with [%s] failed.\n"
-msgstr ""
+msgstr "InfoPipe-användaruppslagning med [%s] misslyckades.\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:244
 #, c-format
 msgid "pam_start failed: %s\n"
-msgstr ""
+msgstr "pam_start misslyckades: %s\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:249
 #, c-format
@@ -2749,11 +2796,13 @@ msgid ""
 "testing pam_authenticate\n"
 "\n"
 msgstr ""
+"testar pam_authenticate\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:253
 #, c-format
 msgid "pam_get_item failed: %s\n"
-msgstr ""
+msgstr "pam_get_item misslyckades: %s\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:257
 #, c-format
@@ -2761,6 +2810,8 @@ msgid ""
 "pam_authenticate for user [%s]: %s\n"
 "\n"
 msgstr ""
+"pam_authenticate för användaren [%s]: %s\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:260
 #, c-format
@@ -2768,6 +2819,8 @@ msgid ""
 "testing pam_chauthtok\n"
 "\n"
 msgstr ""
+"testar pam_chauthtok\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:262
 #, c-format
@@ -2775,6 +2828,8 @@ msgid ""
 "pam_chauthtok: %s\n"
 "\n"
 msgstr ""
+"pam_chauthtok: %s\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:264
 #, c-format
@@ -2782,6 +2837,8 @@ msgid ""
 "testing pam_acct_mgmt\n"
 "\n"
 msgstr ""
+"testar pam_acct_mgmt\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:266
 #, c-format
@@ -2789,6 +2846,8 @@ msgid ""
 "pam_acct_mgmt: %s\n"
 "\n"
 msgstr ""
+"pam_acct_mgmt: %s\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:268
 #, c-format
@@ -2796,6 +2855,8 @@ msgid ""
 "testing pam_setcred\n"
 "\n"
 msgstr ""
+"testar pam_setcred\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:270
 #, c-format
@@ -2803,6 +2864,8 @@ msgid ""
 "pam_setcred: [%s]\n"
 "\n"
 msgstr ""
+"pam_setcred: [%s]\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:272
 #, c-format
@@ -2810,6 +2873,8 @@ msgid ""
 "testing pam_open_session\n"
 "\n"
 msgstr ""
+"testar pam_open_session\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:274
 #, c-format
@@ -2817,6 +2882,8 @@ msgid ""
 "pam_open_session: %s\n"
 "\n"
 msgstr ""
+"pam_open_session: %s\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:276
 #, c-format
@@ -2824,6 +2891,8 @@ msgid ""
 "testing pam_close_session\n"
 "\n"
 msgstr ""
+"testar pam_close_session\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:278
 #, c-format
@@ -2831,37 +2900,36 @@ msgid ""
 "pam_close_session: %s\n"
 "\n"
 msgstr ""
+"pam_close_session: %s\n"
+"\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:281
 #, c-format
 msgid "unknown action\n"
-msgstr ""
+msgstr "okänd åtgärd\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:284
 #, c-format
 msgid "PAM Environment:\n"
-msgstr ""
+msgstr "PAM-miljö:\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:292
 #, c-format
 msgid " - no env -\n"
-msgstr ""
+msgstr " - ingen miljö -\n"
 
 #: src/util/util.h:75
 msgid "The user ID to run the server as"
-msgstr ""
+msgstr "Användar-ID:t att köra servern som"
 
 #: src/util/util.h:77
 msgid "The group ID to run the server as"
-msgstr ""
+msgstr "Grupp-ID:t att köra servern som"
 
 #: src/util/util.h:85
 msgid "Informs that the responder has been socket-activated"
-msgstr ""
+msgstr "Informerar att respondenten har blivit uttagsaktiverad"
 
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
-msgstr ""
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "Endast ett argument förväntades\n"
+msgstr "Informerar att respondenten har blivit dbus-aktiverad"
diff --git a/po/tg.po b/po/tg.po
index 829203e..69d38b6 100644
--- a/po/tg.po
+++ b/po/tg.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:48-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:48+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
 "tg/)\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -1462,6 +1462,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1490,23 +1498,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
diff --git a/po/tr.po b/po/tr.po
index 86ebe5b..4871681 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:49-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:49+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Turkish (http://www.transifex.com/projects/p/sssd/language/"
 "tr/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -1463,6 +1463,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1491,23 +1499,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
diff --git a/po/uk.po b/po/uk.po
index b1c9a9d..592bf73 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -8,12 +8,13 @@
 # Yuri Chornoivan <yurchor@ukr.net>, 2013
 # Yuri Chornoivan <yurchor@ukr.net>, 2015. #zanata
 # Yuri Chornoivan <yurchor@ukr.net>, 2017. #zanata
+# Yuri Chornoivan <yurchor@ukr.net>, 2018. #zanata
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2017-07-26 12:16-0400\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2018-03-09 08:59+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
 "uk/)\n"
@@ -23,7 +24,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -234,7 +235,6 @@ msgid "What kind of messages are displayed to the user during authentication"
 msgstr "Тип повідомлень, які буде показано користувачеві під час розпізнавання"
 
 #: src/config/SSSDConfig/__init__.py.in:95
-#, fuzzy
 msgid "Filter PAM responses sent to the pam_sss"
 msgstr "Фільтрувати відповіді PAM, які надіслано pam_sss"
 
@@ -276,7 +276,6 @@ msgid "Allow certificate based/Smartcard authentication."
 msgstr "Дозволити розпізнавання за сертифікатом або смарткарткою."
 
 #: src/config/SSSDConfig/__init__.py.in:103
-#, fuzzy
 msgid "Path to certificate database with PKCS#11 modules."
 msgstr "Шлях до бази даних сертифікатів із модулями PKCS#11."
 
@@ -309,6 +308,8 @@ msgid ""
 "Maximum number of rules that can be refreshed at once. If this is exceeded, "
 "full refresh is performed."
 msgstr ""
+"Максимальна кількість правил, які може бути одночасно оновлено. Якщо цю "
+"кількість буде перевищено, буде виконано повне оновлення."
 
 #: src/config/SSSDConfig/__init__.py.in:116
 msgid "Whether to hash host names and addresses in the known_hosts file"
@@ -359,9 +360,9 @@ msgid "The maximum number of secrets that can be stored"
 msgstr "Максимальна кількість записів реєстраційних даних, які можна зберігати"
 
 #: src/config/SSSDConfig/__init__.py.in:132
-#, fuzzy
 msgid "The maximum number of secrets that can be stored per UID"
-msgstr "Максимальна кількість записів реєстраційних даних, які можна зберігати"
+msgstr ""
+"Максимальна кількість записів реєстраційних даних, які можна зберігати за UID"
 
 #: src/config/SSSDConfig/__init__.py.in:133
 msgid "The maximum payload size of a secret in kilobytes"
@@ -416,7 +417,6 @@ msgstr ""
 "використовує протокол https"
 
 #: src/config/SSSDConfig/__init__.py.in:143
-#, fuzzy
 msgid ""
 "If false peer's certificate may contain different hostname than proxy_url "
 "when https protocol is used"
@@ -474,9 +474,8 @@ msgid "SELinux provider"
 msgstr "Надавач даних SELinux"
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "Служба зміни паролів"
+msgstr "Засіб керування сеансами"
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -622,9 +621,9 @@ msgstr ""
 "розпізнавання за кешем"
 
 #: src/config/SSSDConfig/__init__.py.in:198
-#, fuzzy
 msgid "Whether to automatically create private groups for users"
-msgstr "Визначає, чи слід автоматично оновлювати запис DNS клієнта"
+msgstr ""
+"Визначає, чи слід автоматично створювати приватні групи для користувачів"
 
 #: src/config/SSSDConfig/__init__.py.in:201
 msgid "IPA domain"
@@ -716,24 +715,23 @@ msgid "Objectclass for group override objects"
 msgstr "Клас об’єктів для об’єктів перевизначення груп"
 
 #: src/config/SSSDConfig/__init__.py.in:223
-#, fuzzy
 msgid "Search base for Desktop Profile related objects"
-msgstr "Шукати у базі об’єкти, пов’язані з HBAC"
+msgstr "Шукати у базі пов'язані і профілями станцій об'єкти"
 
 #: src/config/SSSDConfig/__init__.py.in:224
-#, fuzzy
 msgid ""
 "The amount of time in seconds between lookups of the Desktop Profile rules "
 "against the IPA server"
-msgstr "Час, у секундах, між пошуками у картах SELinux на сервері IPA"
+msgstr ""
+"Час, у секундах, між пошуками у правилах профілів станцій на сервері IPA"
 
 #: src/config/SSSDConfig/__init__.py.in:225
-#, fuzzy
 msgid ""
 "The amount of time in minutes between lookups of Desktop Profiles rules "
 "against the IPA server when the last request did not find any rule"
 msgstr ""
-"Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA"
+"Час, у хвилинах, між пошуками у правилах профілів станцій на сервері IPA, "
+"якщо під час останнього запиту не було знайдено жодного правила"
 
 #: src/config/SSSDConfig/__init__.py.in:228
 msgid "Active Directory domain"
@@ -839,11 +837,9 @@ msgstr ""
 "пароль має бути оновлено"
 
 #: src/config/SSSDConfig/__init__.py.in:248
-#, fuzzy
 msgid "Option for tuning the machine account renewal task"
 msgstr ""
-"Параметр для налаштовування завдання з оновлення облікових записів "
-"комп'ютерів"
+"Параметр налаштовування завдання оновлення облікових записів комп’ютерів"
 
 #: src/config/SSSDConfig/__init__.py.in:251
 #: src/config/SSSDConfig/__init__.py.in:252
@@ -919,9 +915,8 @@ msgid "Enables enterprise principals"
 msgstr "Увімкнути промислові реєстраційні дані"
 
 #: src/config/SSSDConfig/__init__.py.in:272
-#, fuzzy
 msgid "A mapping from user names to Kerberos principal names"
-msgstr "Прив’язка імен користувачів до основних імен kerberos"
+msgstr "Прив’язка імен користувачів до основних імен Kerberos"
 
 #: src/config/SSSDConfig/__init__.py.in:275
 #: src/config/SSSDConfig/__init__.py.in:276
@@ -1213,9 +1208,8 @@ msgid "Attribute listing authorized server hosts"
 msgstr "Атрибути зі списком уповноважених серверних вузлів"
 
 #: src/config/SSSDConfig/__init__.py.in:353
-#, fuzzy
 msgid "Attribute listing authorized server rhosts"
-msgstr "Атрибути зі списком уповноважених серверних вузлів"
+msgstr "Атрибути зі списком уповноважених серверних r-вузлів"
 
 #: src/config/SSSDConfig/__init__.py.in:354
 msgid "krbLastPwdChange attribute"
@@ -1316,7 +1310,6 @@ msgid "The LDAP group external member attribute"
 msgstr "Атрибут групи LDAP зовнішнього учасника"
 
 #: src/config/SSSDConfig/__init__.py.in:384
-#, fuzzy
 msgid "Maximum nesting level SSSD will follow"
 msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
 
@@ -1614,6 +1607,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "Стек PAM, який слід використовувати"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "Запуститися фонову службу (типова поведінка)"
@@ -1642,23 +1643,23 @@ msgstr "Вивести номер версії і завершити робот�
 msgid "SSSD is already running\n"
 msgstr "SSSD вже запущено\n"
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "Рівень зневаджування"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "Додавати діагностичні часові позначки"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr "Показувати мікросекунди у часових позначках"
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr "Дескриптор відкритого файла для запису журналів діагностики"
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr "Надіслати діагностичну інформацію безпосередньо до stderr."
 
@@ -1697,7 +1698,7 @@ msgstr "Вимагає перетворення реєстраційного з�
 
 #: src/providers/krb5/krb5_child.c:3245
 msgid "Use custom version of krb5_get_init_creds_password"
-msgstr ""
+msgstr "Використовувати нетипову версію krb5_get_init_creds_password"
 
 #: src/providers/data_provider_be.c:555
 msgid "Domain of the information provider (mandatory)"
@@ -1807,9 +1808,8 @@ msgid "Password: "
 msgstr "Пароль: "
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "Поточний пароль: "
+msgstr "Перший фактор (поточний пароль): "
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
@@ -2565,9 +2565,9 @@ msgid "Unable to create backup directory [%d]: %s"
 msgstr "Не вдалося створити каталог резервної копії [%d]: %s"
 
 #: src/tools/sssctl/sssctl_data.c:95
-#, fuzzy
 msgid "SSSD backup of local data already exists, override?"
-msgstr "Резервна копія SSSD локальних даних вже існує, перевизначити?"
+msgstr ""
+"Резервна копія SSSD для локальних даних вже існує. Хочете її перезаписати?"
 
 #: src/tools/sssctl/sssctl_data.c:111
 #, c-format
@@ -2752,9 +2752,8 @@ msgid "Unable to archive log files\n"
 msgstr "Не вдалося архівувати файли журналу\n"
 
 #: src/tools/sssctl/sssctl_logs.c:317
-#, fuzzy
 msgid "Specify debug level you want to set"
-msgstr "Вкажіть рівень діагностики, який ви бажаєте встановити\n"
+msgstr "Вкажіть рівень діагностики, яким ви хочете скористатися"
 
 #: src/tools/sssctl/sssctl_sifp.c:28
 msgid ""
@@ -2874,10 +2873,9 @@ msgid "User name lookup with [%s] failed.\n"
 msgstr "Не вдалося знайти користувача за допомогою [%s].\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:237
-#, fuzzy, c-format
+#, c-format
 msgid "InfoPipe User lookup with [%s] failed.\n"
-msgstr ""
-"Спроба пошуку користувача у InfoPipe за допомогою [%s] зазнала невдачі.\n"
+msgstr "Не вдалося знайти користувача InfoPipe за допомогою [%s].\n"
 
 #: src/tools/sssctl/sssctl_user_checks.c:244
 #, c-format
@@ -3027,6 +3025,3 @@ msgstr "Інформує про те, що на відповідачі заді�
 #: src/util/util.h:87
 msgid "Informs that the responder has been dbus-activated"
 msgstr "Інформує про те, що на відповідачі задіяно D-Bus"
-
-#~ msgid "Only one argument expected\n"
-#~ msgstr "Мало бути вказано лише один аргумент\n"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index e13f7c0..1ebcb39 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -8,17 +8,17 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:50-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:50+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
 "language/zh_CN/)\n"
-"Language: zh-CN\n"
+"Language: zh_CN\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -1463,6 +1463,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr ""
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr ""
@@ -1491,23 +1499,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
diff --git a/po/zh_TW.po b/po/zh_TW.po
index de1a8f0..026491b 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7,17 +7,17 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2018-03-09 12:31+0100\n"
-"PO-Revision-Date: 2014-12-14 11:50-0500\n"
+"POT-Creation-Date: 2018-06-08 21:01+0200\n"
+"PO-Revision-Date: 2014-12-14 11:50+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/"
 "language/zh_TW/)\n"
-"Language: zh-TW\n"
+"Language: zh_TW\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #: src/config/SSSDConfig/__init__.py.in:43
 #: src/config/SSSDConfig/__init__.py.in:44
@@ -412,9 +412,8 @@ msgid "SELinux provider"
 msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:158
-#, fuzzy
 msgid "Session management provider"
-msgstr "密碼變更提供者"
+msgstr ""
 
 #: src/config/SSSDConfig/__init__.py.in:161
 msgid "Whether the domain is usable by the OS or by applications"
@@ -1463,6 +1462,14 @@ msgstr ""
 msgid "PAM stack to use"
 msgstr "要使用的 PAM 堆疊"
 
+#: src/config/SSSDConfig/__init__.py.in:479
+msgid "Path of passwd file sources."
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:480
+msgid "Path of group file sources."
+msgstr ""
+
 #: src/monitor/monitor.c:2449
 msgid "Become a daemon (default)"
 msgstr "作為幕後程式 (預設)"
@@ -1491,23 +1498,23 @@ msgstr ""
 msgid "SSSD is already running\n"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:617
+#: src/providers/krb5/krb5_child.c:3216 src/providers/ldap/ldap_child.c:605
 msgid "Debug level"
 msgstr "除錯層級"
 
-#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:619
+#: src/providers/krb5/krb5_child.c:3218 src/providers/ldap/ldap_child.c:607
 msgid "Add debug timestamps"
 msgstr "加入除錯時間戳記"
 
-#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:621
+#: src/providers/krb5/krb5_child.c:3220 src/providers/ldap/ldap_child.c:609
 msgid "Show timestamps with microseconds"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:623
+#: src/providers/krb5/krb5_child.c:3222 src/providers/ldap/ldap_child.c:611
 msgid "An open file descriptor for the debug logs"
 msgstr ""
 
-#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:625
+#: src/providers/krb5/krb5_child.c:3225 src/providers/ldap/ldap_child.c:613
 msgid "Send the debug output to stderr directly."
 msgstr ""
 
@@ -1653,9 +1660,8 @@ msgid "Password: "
 msgstr "密碼："
 
 #: src/sss_client/pam_sss.c:2201 src/sss_client/pam_sss.c:2204
-#, fuzzy
 msgid "First Factor (Current Password): "
-msgstr "目前的密碼："
+msgstr ""
 
 #: src/sss_client/pam_sss.c:2208
 msgid "Current Password: "
diff --git a/src/man/po/br.po b/src/man/po/br.po
index 9d7351e..57277e7 100644
--- a/src/man/po/br.po
+++ b/src/man/po/br.po
@@ -6,10 +6,10 @@
 # Fulup <fulup.jakez@gmail.com>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-14 11:51-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-14 11:51+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
 "br/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -92,7 +92,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "DIBARZHIOÙ"
@@ -190,7 +190,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -298,11 +298,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Dre ziouer : true"
 
@@ -319,8 +320,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -354,7 +355,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
@@ -370,7 +371,7 @@ msgid "The [sssd] section"
 msgstr "Ar rann [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Arventennoù ar rann"
 
@@ -418,19 +419,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Dre ziouer : 3"
 
@@ -450,7 +451,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (neudennad)"
 
@@ -470,12 +471,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -483,39 +484,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -639,9 +640,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -819,21 +820,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -849,12 +851,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "RANNOÙ SERVIJOÙ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -863,22 +865,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -888,17 +890,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -908,18 +910,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -927,24 +929,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -952,12 +954,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -969,58 +971,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Dre ziouer : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1028,7 +1030,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1038,7 +1040,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1047,17 +1049,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1065,34 +1067,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Dre ziouer : 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Dre ziouer : 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 14400 (4 hours)"
+msgstr "Dre ziouer : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1101,7 +1106,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1110,41 +1115,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "Dre zoiuer : root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1152,23 +1157,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1176,47 +1181,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1224,112 +1229,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1340,96 +1345,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1437,59 +1442,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "Dre zoiuer : 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1498,61 +1503,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1560,7 +1565,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1569,17 +1574,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1587,26 +1592,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Dre ziouer : 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1616,74 +1626,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1691,19 +1701,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1711,12 +1721,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1724,58 +1734,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Dre ziouer : 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1786,24 +1820,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1813,22 +1847,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1836,68 +1870,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1908,7 +1951,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1919,24 +1962,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1944,12 +1987,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1958,24 +2001,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1985,72 +2028,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Dre ziouer : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2058,19 +2095,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2078,7 +2113,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2086,22 +2121,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "RANNOÙ DOMANI"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2110,14 +2145,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2126,38 +2161,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2166,24 +2201,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2192,29 +2227,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2228,14 +2263,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2244,39 +2279,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2285,19 +2320,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2308,151 +2343,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2460,24 +2495,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2486,17 +2521,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2505,33 +2540,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2539,8 +2583,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2549,8 +2593,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2558,19 +2602,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2579,7 +2623,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2587,22 +2631,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2614,7 +2658,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2622,19 +2666,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2642,7 +2686,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2650,30 +2694,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2681,19 +2730,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2702,7 +2751,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2710,29 +2759,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2740,7 +2789,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2748,35 +2797,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2784,32 +2833,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2820,7 +2869,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2829,12 +2878,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2842,7 +2891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2850,31 +2899,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2882,7 +2931,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2891,19 +2940,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2911,43 +2958,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2955,7 +3002,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2963,7 +3010,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2971,24 +3018,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2996,12 +3043,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3011,7 +3058,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3020,29 +3067,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3050,7 +3097,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3058,66 +3105,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3126,77 +3173,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3204,7 +3251,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3212,17 +3259,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3230,34 +3277,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3265,32 +3312,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3300,34 +3347,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3335,12 +3382,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3348,28 +3395,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "filter_users, filter_groups (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "filter_users, filter_groups (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3377,7 +3422,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3386,7 +3431,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3394,29 +3439,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3424,12 +3469,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3438,12 +3483,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3451,19 +3496,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3480,7 +3525,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3488,17 +3533,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3507,7 +3552,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3517,7 +3562,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3537,12 +3582,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3550,73 +3595,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3624,17 +3669,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3643,17 +3688,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3661,17 +3706,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3679,17 +3724,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3700,64 +3745,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3787,7 +3832,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3796,7 +3841,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3804,7 +3849,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3852,7 +3897,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3953,7 +3998,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -4779,10 +4824,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: rhost"
-msgstr "Dre zoiuer : root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5146,10 +5189,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ldap_host_name (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
@@ -5170,10 +5211,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: fqdn"
-msgstr "Dre ziouer : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
@@ -5182,10 +5221,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: serverHostname"
-msgstr "Dre zoiuer : root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
@@ -5775,7 +5812,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6847,8 +6884,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6875,8 +6912,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6911,7 +6948,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7322,7 +7359,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7419,23 +7456,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7447,12 +7485,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7460,7 +7498,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7473,172 +7511,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7646,62 +7684,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7709,17 +7747,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7728,145 +7766,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7874,7 +7912,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7886,7 +7924,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7895,7 +7933,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7905,12 +7943,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7918,40 +7956,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7959,19 +7997,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7981,17 +8019,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7999,19 +8037,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8019,19 +8057,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8039,12 +8077,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8052,19 +8090,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8072,116 +8110,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8191,12 +8229,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8317,7 +8355,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8332,7 +8370,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8347,12 +8385,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8373,12 +8411,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8402,17 +8440,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8420,7 +8458,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8430,7 +8468,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8447,7 +8485,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8460,12 +8498,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8484,50 +8522,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8638,26 +8676,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8676,7 +8714,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -8694,10 +8732,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: 60 (minutes)"
-msgstr "Dre ziouer : true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9098,11 +9134,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9110,38 +9148,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9149,7 +9187,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9157,7 +9195,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9165,19 +9203,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9185,26 +9223,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9212,19 +9250,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9235,12 +9273,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9249,7 +9287,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9258,7 +9296,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9267,14 +9305,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9287,7 +9325,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9296,7 +9334,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9314,24 +9352,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9340,7 +9378,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9349,12 +9387,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9364,14 +9402,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9379,7 +9417,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9392,23 +9430,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9416,22 +9454,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9439,12 +9477,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9452,14 +9490,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9467,7 +9505,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9479,78 +9517,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9558,7 +9596,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9566,7 +9604,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9574,7 +9612,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9586,22 +9624,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9609,7 +9647,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9617,7 +9655,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9625,7 +9663,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9637,22 +9675,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9660,14 +9698,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9675,7 +9713,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9687,17 +9725,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9705,14 +9743,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9720,7 +9758,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9731,19 +9769,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9751,7 +9789,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9763,39 +9801,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9803,12 +9841,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9821,57 +9859,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9879,17 +9917,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9899,12 +9937,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9915,19 +9953,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9937,12 +9975,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9950,7 +9988,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9965,7 +10003,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9974,7 +10012,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9982,7 +10020,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9992,15 +10030,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10310,14 +10348,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -10515,7 +10547,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12532,19 +12564,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12745,25 +12857,69 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "passwd_files (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: /etc/passwd"
+msgstr "Dre ziouer : true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "group_files (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: /etc/group"
+msgstr "Dre ziouer : true"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13532,7 +13688,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14383,7 +14539,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15221,6 +15377,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index f11109b..a4144dd 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -12,10 +12,10 @@
 # Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2015-10-18 04:13-0400\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2015-10-18 04:13+0000\n"
 "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
 "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
 "ca/)\n"
@@ -24,7 +24,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -99,7 +99,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPCIONS"
@@ -214,8 +214,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
+#, fuzzy
+#| msgid ""
+#| "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+#| "(<quote>;</quote>).  Inline comments are not supported."
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 "Una línia de comentari comença amb un signe de coixinet (<quote>#</quote>) o "
@@ -335,11 +339,12 @@ msgstr ""
 "opció."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Per defecte: true"
 
@@ -359,8 +364,8 @@ msgstr ""
 "aleshores s'ignora aquesta opció."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -394,7 +399,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Per defecte: 10"
@@ -410,7 +415,7 @@ msgid "The [sssd] section"
 msgstr "La secció [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Paràmetres de la secció"
 
@@ -464,12 +469,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -479,7 +484,7 @@ msgstr ""
 "vençuts"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Per defecte: 3"
 
@@ -499,7 +504,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (cadena)"
 
@@ -521,12 +526,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -537,40 +542,40 @@ msgstr ""
 "compondre un FQN des dels components del nom d'usuari i del nom del domini."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr "nom d'usuari"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 "el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -728,9 +733,9 @@ msgstr ""
 "d'aquesta opció juntament amb use_fully_qualified_names establert a False."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -908,21 +913,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr "Per defecte: Sense establir"
 
@@ -944,12 +950,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "SECCIONS DELS SERVEIS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -962,22 +968,22 @@ msgstr ""
 "quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "Opcions de configuració del servei general"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -987,17 +993,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1007,18 +1013,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "Per defecte: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1026,24 +1032,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr "new_interval = old_interval*2 + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1051,12 +1057,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1068,30 +1074,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Per defecte: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr "Opcions de configuració de l'NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1099,12 +1105,12 @@ msgstr ""
 "Service Switch)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1113,17 +1119,17 @@ msgstr ""
 "(peticions d'informació sobre tots els usuaris)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Per defecte: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1134,7 +1140,7 @@ msgstr ""
 "valor entry_cache_timeout per al domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1150,7 +1156,7 @@ msgstr ""
 "peticions que esperen per a una actualització de la memòria cau."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1163,17 +1169,17 @@ msgstr ""
 "(0 desactiva aquesta característica)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "Per defecte: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1185,34 +1191,37 @@ msgstr ""
 "altra vegada."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Per defecte: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Per defecte: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "Per defecte: 86400 (24 hores)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1221,7 +1230,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1230,17 +1239,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "Per defecte: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1248,12 +1257,12 @@ msgstr ""
 "aquesta opció a false."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1262,7 +1271,7 @@ msgstr ""
 "si no se n'especifica cap explícitament amb el proveïdor de dades del domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1270,7 +1279,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1280,25 +1289,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Per defecte: sense establir (cap substitució per als directoris inicials no "
 "establerts)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr "override_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1309,18 +1318,18 @@ msgstr ""
 "pot configurar ja sigui en la secció [nss] o per cada domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1328,31 +1337,31 @@ msgstr ""
 "d'avaluació és:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1360,112 +1369,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "Per defecte: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1476,48 +1485,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr "Opcions de configuració del PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1526,12 +1535,12 @@ msgstr ""
 "(Pluggable Authentication Module)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1541,17 +1550,17 @@ msgstr ""
 "de sessió)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "Per defecte: 0 (sense límit)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1560,12 +1569,12 @@ msgstr ""
 "fallits es permet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1575,7 +1584,7 @@ msgstr ""
 "possible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1583,17 +1592,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "Per defecte: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1602,43 +1611,43 @@ msgstr ""
 "l'autenticació. Com més gran sigui el nombre més missatges es mostren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr "L'sssd actualment admet els següents valors:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: no mostris cap missatge"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: Mostra només missatges importants"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: Mostra missatges informatius"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Per defecte: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1647,61 +1656,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1713,7 +1722,7 @@ msgstr ""
 "l'última informació."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1727,17 +1736,17 @@ msgstr ""
 "excessives al proveïdor d'identitat."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1745,26 +1754,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Per defecte: 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1774,74 +1788,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr "Per defecte: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1849,19 +1863,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1869,12 +1883,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1882,58 +1896,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Per defecte: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Per defecte: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr "Opcions de configuració de SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1951,26 +1989,24 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "ldap_deref_threshold (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "ldap_deref_threshold (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1980,23 +2016,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 "Es poden utilitzar aquestes opcions per configurar el servei de l'autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2004,68 +2040,89 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr "Per defecte: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1508
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "ssh_use_certificate_keys (bool)"
+msgstr "ldap_user_certificate (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1511
+#, fuzzy
+#| msgid ""
+#| "The skeleton directory, which contains files and directories to be copied "
+#| "in the user's home directory, when the home directory is created by "
+#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>"
+msgid ""
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+"El directori esquemàtic que conté els fitxers i els directoris per copiar al "
+"directori inicial, quan el directori inicial de l'usuari es crea amb "
+"<citerefentry><refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1529
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr "Opcions de configuració del contestador del PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2076,7 +2133,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2087,25 +2144,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Es poden utilitzar aquestes opcions per configurar el contestador del PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2113,12 +2170,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2127,34 +2184,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "PAC responder configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "Opcions de configuració del contestador del PAC."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the IPA provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2162,98 +2209,68 @@ msgid ""
 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 msgstr ""
-"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA "
-"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry>.  Per una referència detallada sintaxi, aneu a la "
-"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual "
-"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "user (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
-#, fuzzy
-#| msgid "none"
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
-msgstr "none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this user to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"Annexa aquest usuari als grups que s'especifiquen amb el paràmetre dels "
-"<replaceable>GRUPS</replaceable>. El paràmetre dels <replaceable>GRUPS</"
-"replaceable> és una llista delimitada per comes dels noms dels grups."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: none"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Per defecte: none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "user (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2261,21 +2278,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
-#, fuzzy
-#| msgid "Default: empty, i.e. ldap_uri is used."
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
-msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "user (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2283,7 +2296,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2291,22 +2304,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "SECCIONS DE DOMINI"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2315,14 +2328,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2331,31 +2344,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr "min_id, max_id (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2364,7 +2377,7 @@ msgstr ""
 "fora d'aquests límits, s'ignora."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2377,24 +2390,24 @@ msgstr ""
 "com s'esperava."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr "enumerate (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2403,29 +2416,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Els usuaris i grups s'enumeren"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = Cap enumeració per a aquest domini"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "Per defecte: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2439,7 +2452,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2449,7 +2462,7 @@ msgstr ""
 "finalitzi."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2463,39 +2476,39 @@ msgstr ""
 "ús."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2504,12 +2517,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2518,7 +2531,7 @@ msgstr ""
 "demanar al rerefons una altra vegada"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2529,153 +2542,153 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "Per defecte: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr "Per defecte: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr "Per defecte: 0 (inhabilitat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Determina si les credencials d'usuari també són emmagatzemades en la memòria "
 "cau local de LDB"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2683,24 +2696,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr "Per defecte: 8"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2713,17 +2726,17 @@ msgstr ""
 "ha de ser superior o igual que offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Per defecte: 0 (sense límit)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2732,33 +2745,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr "id_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu "
+"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2766,8 +2796,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2776,8 +2806,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2785,19 +2815,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2810,7 +2840,7 @@ msgstr ""
 "l'usuari mentre que <command>getent passwd test@LOCAL</command> sí."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2818,22 +2848,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2845,7 +2875,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2853,12 +2883,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr "auth_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2867,7 +2897,7 @@ msgstr ""
 "d'autenticació suportats són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2878,7 +2908,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2889,7 +2919,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -2897,12 +2927,17 @@ msgstr ""
 "de PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> impossibilita l'autenticació explícitament."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -2911,12 +2946,12 @@ msgstr ""
 "gestionar les sol·licituds d'autenticació."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr "access_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2927,19 +2962,19 @@ msgstr ""
 "instal·lats) Els proveïdors especials interns són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> sempre denega l'accés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2952,7 +2987,7 @@ msgstr ""
 "configuració del mòdul d'accés simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2960,22 +2995,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr "Per defecte: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -2984,7 +3019,7 @@ msgstr ""
 "al domini.  Els proveïdors de canvi de contrasenya compatibles són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2992,7 +3027,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3003,7 +3038,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -3011,12 +3046,12 @@ msgstr ""
 "objectiu PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3025,17 +3060,17 @@ msgstr ""
 "gestionar peticions de canvi de contrasenya."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3043,32 +3078,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3079,7 +3114,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3088,12 +3123,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3101,7 +3136,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3109,31 +3144,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3141,7 +3176,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3150,19 +3185,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "selinux_provider (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "selinux_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3170,49 +3203,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "authentication requests."
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
-"Per defecte: <quote>id_provider</quote> s'utilitza si s'ha establert i pot "
-"gestionar les sol·licituds d'autenticació."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3220,7 +3247,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3228,7 +3255,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3236,24 +3263,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3261,12 +3288,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3276,7 +3303,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3285,29 +3312,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3318,7 +3345,7 @@ msgstr ""
 "quote> , el domini és tot el que hi ha després\""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3326,7 +3353,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3335,17 +3362,17 @@ msgstr ""
 "sintaxi Python (?P &lt;name&gt;) a l'etiqueta subpatterns."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Per defecte: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3354,77 +3381,69 @@ msgstr ""
 "realitzar cerques de DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "Valors admesos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr "Per defecte: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
-#, fuzzy
-#| msgid ""
-#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
-#| "resolver before assuming that it is unreachable. If this timeout is "
-#| "reached, the domain will continue to operate in offline mode."
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
 "If this timeout is reached, the domain will continue to operate in offline "
 "mode."
 msgstr ""
-"Defineix la quantitat de temps (en segons) per esperar per una resposta de "
-"la resolució de DNS abans d'assumir que és inaccessible. Si s'arriba a "
-"aquest temps d'espera, el domini seguirà operant en el mode fora de línia."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Per defecte: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3433,52 +3452,52 @@ msgstr ""
 "del domini de la consulta DNS del servei de descobriment."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "Per defecte: Utilitza la part del domini del nom de màquina"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr "override_gid (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3486,7 +3505,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3494,17 +3513,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3512,34 +3531,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3549,32 +3568,32 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3584,34 +3603,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Per defecte: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3619,12 +3638,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3632,28 +3651,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "autofs_provider (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "autofs_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3661,7 +3678,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3670,7 +3687,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3681,17 +3698,17 @@ msgstr ""
 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr "El servidor intermediari on reenvia PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3700,12 +3717,12 @@ msgstr ""
 "de pam existent o crear-ne una de nova i afegir aquí el nom del servei."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3716,12 +3733,12 @@ msgstr ""
 "format _nss_$(libName)_$(function), per exemple _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3730,12 +3747,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3743,7 +3760,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3752,12 +3769,12 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3774,7 +3791,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3782,17 +3799,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3801,7 +3818,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3811,7 +3828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3831,12 +3848,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr "La secció del domini local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3847,29 +3864,29 @@ msgstr ""
 "<replaceable>id_provider = local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr "default_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "El shell predeterminat per als usuaris que es creen amb eines de l'espai "
 "d'usuari de l'SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Per defecte: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr "base_directory (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -3878,46 +3895,46 @@ msgstr ""
 "replaceable> i utilitzen aquest com el directori inicial."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "Per defecte: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr "create_homedir (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "Per defecte: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3928,17 +3945,17 @@ msgstr ""
 "defecte en un directori inicial acabat de crear."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "Per defecte: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr "skel_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3951,17 +3968,17 @@ msgstr ""
 "manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Per defecte: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr "mail_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3972,17 +3989,17 @@ msgstr ""
 "suprimit.  Si no s'especifica, s'utilitzarà un valor per defecte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Per defecte: <filename>/var/correu</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3993,17 +4010,17 @@ msgstr ""
 "té en compte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr "Per defecte: Cap, no s'executa cap comanda"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4014,64 +4031,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4125,26 +4142,16 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
-#, fuzzy
-#| msgid ""
-#| "The following example shows a typical SSSD config. It does not describe "
-#| "configuration of the domains themselves - refer to documentation on "
-#| "configuring domains for more details.  <placeholder type=\"programlisting"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
-"En el següent exemple es mostra una configuració típica de l'SSSD. No es "
-"descriu la configuració dels mateixos dominis - referiu-vos a la "
-"documentació sobre la configuració dels dominis per a més detalls. "
-"<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -4152,7 +4159,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -4213,7 +4220,7 @@ msgstr ""
 "informació sobre l'ús d'LDAP com un proveïdor d'accés."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4317,7 +4324,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "Exemples:"
@@ -5168,39 +5175,23 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_user_authorized_rhost (string)"
-msgstr "ldap_user_authorized_host (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-#, fuzzy
-#| msgid ""
-#| "If access_provider=ldap and ldap_access_order=authorized_service, SSSD "
-#| "will use the presence of the authorizedService attribute in the user's "
-#| "LDAP entry to determine access privilege."
 msgid ""
 "If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
 "presence of the rhost attribute in the user's LDAP entry to determine access "
 "privilege. Similarly to host verification process."
 msgstr ""
-"Si access_provider=ldap i ldap_access_order=authorized_service, l'SSSD farà "
-"servir la presència de l'atribut authorizedService a l'entrada LDAP de "
-"l'usuari per determinar els privilegis d'accés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:843
-#, fuzzy
-#| msgid ""
-#| "An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-#| "explicit allow (svc) and finally for allow_all (*)."
 msgid ""
 "An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
 "explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
-"Una denegació explícita (!svc) es resol en primer lloc. En segon lloc, "
-"l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:848
@@ -5212,10 +5203,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: rhost"
-msgstr "Per defecte: root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5229,10 +5218,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: nsContainer"
 msgid "Default: userCertificate;binary"
-msgstr "Per defecte: nsContainer"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5571,17 +5558,13 @@ msgstr "ldap_netgroup_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1216
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_host_object_class (string)"
-msgstr "ldap_user_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a host entry in LDAP."
-msgstr "La classe d'objecte d'una entrada d'usuari a LDAP."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
@@ -5590,75 +5573,55 @@ msgstr "Per defecte: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "ad_hostname (string)"
 msgid "ldap_host_name (string)"
-msgstr "ad_hostname (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the host's name."
-msgstr "L'atribut LDAP que es correspon amb el nom del grup."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1241
-#, fuzzy
-#| msgid "ldap_pwdlockout_dn (string)"
 msgid "ldap_host_fqdn (string)"
-msgstr "ldap_pwdlockout_dn (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1244
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's full name."
 msgid ""
 "The LDAP attribute that corresponds to the host's fully-qualified domain "
 "name."
-msgstr "L'atribut LDAP que correspon al nom complet de l'usuari."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: cn"
 msgid "Default: fqdn"
-msgstr "Per defecte: cn"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_host_serverhostname (string)"
-msgstr "ldap_dns_service_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: sudoHost"
 msgid "Default: serverHostname"
-msgstr "Per defecte: sudoHost"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_host_member_of (string)"
-msgstr "ldap_user_member_of (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1270
-#, fuzzy
-#| msgid "The LDAP attribute that lists the user's group memberships."
 msgid "The LDAP attribute that lists the host's group memberships."
-msgstr "L'atribut LDAP que llista la pertanença a grups de l'usuari."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1280
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ldap_host_search_base (string)"
-msgstr "ipa_host_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1283
@@ -5680,33 +5643,23 @@ msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1299
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_host_ssh_public_key (string)"
-msgstr "ldap_user_ssh_public_key (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1302
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the path to the user's default shell."
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "L'atribut LDAP que conté el camí al shell per defecte de l'usuari."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1312
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_host_uuid (string)"
-msgstr "ldap_user_uuid (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1315
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the name of the user's home directory."
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
-msgstr "L'atribut LDAP que conté el nom del directori inicial de l'usuari."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1325
@@ -6282,7 +6235,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "Per defecte: 86400 (24 hores)"
 
@@ -6738,16 +6691,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2237
-#, fuzzy
-#| msgid ""
-#| "<emphasis>authorized_service</emphasis>: use the authorizedService "
-#| "attribute to determine access"
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
-"<emphasis>authorized_service</emphasis>: utilitza l'atribut "
-"authorizedService per determinar l'accés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2241
@@ -6884,10 +6831,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "ldap_opt_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -7420,8 +7365,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "EXEMPLE"
 
@@ -7451,8 +7396,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -7487,7 +7432,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTES"
 
@@ -7979,7 +7924,7 @@ msgstr ""
 "s'avaluen els grups locals."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8096,23 +8041,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -8124,12 +8070,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -8137,7 +8083,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -8150,172 +8096,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -8323,62 +8269,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -8386,17 +8332,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -8405,145 +8351,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -8551,7 +8497,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -8563,7 +8509,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -8572,7 +8518,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -8582,12 +8528,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8595,40 +8541,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8636,19 +8582,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -8658,17 +8604,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -8676,19 +8622,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8696,19 +8642,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8716,12 +8662,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8729,19 +8675,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8749,116 +8695,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8868,12 +8814,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -9000,20 +8946,14 @@ msgstr "ipa_hostname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:119
-#, fuzzy
-#| msgid ""
-#| "Optional. May be set on machines where the hostname(5) does not reflect "
-#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host.  The "
 "hostname must be fully qualified."
 msgstr ""
-"Opcional. Es pot definir en màquines on el hostname(5) no reflecteix el nom "
-"complet utilitzat en el domini d'IPA per identificar aquest amfitrió."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (booleà)"
 
@@ -9028,7 +8968,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9043,12 +8983,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9069,12 +9009,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -9098,17 +9038,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9116,7 +9056,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -9126,7 +9066,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -9143,7 +9083,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (enter)"
 
@@ -9156,12 +9096,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9180,59 +9120,57 @@ msgid "Default: False (disabled)"
 msgstr "Per defecte: False (inhabilitat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:317
-#, fuzzy
-#| msgid "ipa_views_search_base (string)"
 msgid "ipa_deskprofile_search_base (string)"
-msgstr "ipa_views_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:320
@@ -9336,36 +9274,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr "krb5_confd_path (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "ipa_hbac_refresh (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "ipa_hbac_refresh (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
@@ -9376,16 +9312,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr "Per defecte: 5 (segons)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:477
-#, fuzzy
-#| msgid "ldap_sudo_full_refresh_interval (integer)"
 msgid "ipa_deskprofile_request_interval (integer)"
-msgstr "ldap_sudo_full_refresh_interval (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:480
@@ -9396,10 +9330,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 900 (15 minutes)"
 msgid "Default: 60 (minutes)"
-msgstr "Per defecte: 900 (15 minuts)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9810,11 +9742,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9822,38 +9756,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr "ad_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9861,7 +9795,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9869,7 +9803,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9877,19 +9811,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr "ad_server, ad_backup_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9897,26 +9831,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr "ad_hostname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9924,19 +9858,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr "ad_enable_dns_sites (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9947,12 +9881,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr "ad_access_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9961,7 +9895,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9970,7 +9904,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9979,14 +9913,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9999,7 +9933,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -10008,7 +9942,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -10026,24 +9960,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr "ad_site (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr "ad_enable_gc (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -10052,7 +9986,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -10061,12 +9995,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr "ad_gpo_access_control (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -10076,14 +10010,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -10091,7 +10025,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -10104,23 +10038,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -10128,22 +10062,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr "Per defecte: permissive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr "Per defecte: enforcing"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr "ad_gpo_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -10151,12 +10085,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr "ad_gpo_map_interactive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -10164,14 +10098,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -10181,7 +10115,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10193,78 +10127,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr "login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr "su"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr "su-l"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr "gdm-fingerprint"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr "gdm-password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr "kdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr "ad_gpo_map_remote_interactive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -10272,7 +10206,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -10280,7 +10214,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -10290,7 +10224,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10302,22 +10236,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr "sshd"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr "ad_gpo_map_network (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -10325,7 +10259,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -10333,7 +10267,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -10343,7 +10277,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10355,22 +10289,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr "ftp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr "samba"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr "ad_gpo_map_batch (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -10378,14 +10312,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -10395,7 +10329,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10407,17 +10341,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr "crond"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr "ad_gpo_map_service (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -10425,14 +10359,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -10442,7 +10376,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -10453,19 +10387,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr "ad_gpo_map_permit (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -10475,7 +10409,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10487,39 +10421,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr "sudo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr "sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr "systemd-user"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr "ad_gpo_map_deny (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -10529,12 +10463,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr "ad_gpo_default_right (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -10547,57 +10481,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -10605,17 +10539,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -10625,12 +10559,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -10641,19 +10575,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr "Per defecte: 3600 (segons)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -10663,12 +10597,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr "Per defecte: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -10676,7 +10610,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -10700,7 +10634,7 @@ msgstr ""
 "ad_domain = exemple.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -10712,7 +10646,7 @@ msgstr ""
 "ldap_account_expire_policy = ad\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -10720,7 +10654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -10730,15 +10664,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11082,10 +11016,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -11097,39 +11029,24 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:112
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
 "output."
 msgstr ""
-"<emphasis>1</emphasis>: Afegeix una marca temporal als registres de depuració"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:116
-#, fuzzy
-#| msgid ""
-#| "Send the debug output to files instead of stderr. By default, the log "
-#| "files are stored in <filename>/var/log/sssd</filename> and there are "
-#| "separate log files for every SSSD service and domain."
 msgid ""
 "<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
 "default, the log files are stored in <filename>/var/log/sssd</filename> and "
 "there are separate log files for every SSSD service and domain."
 msgstr ""
-"Envia la sortida de depuració als fitxers en comptes de l'stderr. Per "
-"defecte, els fitxers dels registres s'emmagatzemen a <filename>/var/log/"
-"sssd</filename> i hi ha fitxers dels registres que se separen per a cadascun "
-"dels serveis i dels dominis de l'SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:122
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
 msgstr ""
-"<emphasis>1</emphasis>: Afegeix una marca temporal als registres de depuració"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:132
@@ -11333,7 +11250,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12992,10 +12909,8 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-#, fuzzy
-#| msgid "change debug level while SSSD is running"
 msgid "[DEPRECATED] change debug level while SSSD is running"
-msgstr "canvia el nivell de depuració mentre s'està executant l'SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_debuglevel.8.xml:21
@@ -13596,19 +13511,109 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+#, fuzzy
+#| msgid "client_idle_timeout"
+msgid "p11_child_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+"<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu "
+"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -13810,25 +13815,79 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "ad_site (string)"
+msgid "passwd_files (string)"
+msgstr "ad_site (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: password"
+msgid "Default: /etc/passwd"
+msgstr "Per defecte: password"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "ldap_netgroup_triple (string)"
+msgid "group_files (string)"
+msgstr "ldap_netgroup_triple (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: nisNetgroup"
+msgid "Default: /etc/group"
+msgstr "Per defecte: nisNetgroup"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page for details on the configuration of an SSSD "
+#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Per a més informació sobre la configuració d'un domini SSSD, consulteu la "
+"secció <quote>SECCIONS DELS DOMINIS</quote> de la pàgina del manual "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13899,25 +13958,15 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:73
-#, fuzzy
-#| msgid "kdm"
 msgid "kcm"
-msgstr "kdm"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:75
-#, fuzzy
-#| msgid ""
-#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
-#| "permissions on a newly created home directory."
 msgid ""
 "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> service."
 msgstr ""
-"Utilitzat per <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry> per especificar els permisos per "
-"defecte en un directori inicial acabat de crear."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:61
@@ -14077,10 +14126,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "pam_id_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -14609,7 +14656,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14620,14 +14667,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
 msgid ""
 "This manual page describes how to configure <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
@@ -14638,12 +14677,6 @@ msgid ""
 "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"En aquesta pàgina del manual es descriu la configuració del proveïdor de "
-"control d'accés simple per a <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum></citerefentry>.  Per a una "
-"referència detallada de la sintaxi, aneu a la secció <quote>FORMAT DEL "
-"FITXER</quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:41
@@ -14667,11 +14700,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure the PAC responder."
 msgid "These options can be used to configure the session recording."
 msgstr ""
-"Es poden utilitzar aquestes opcions per configurar el contestador del PAC."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -14895,10 +14925,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
@@ -14907,19 +14935,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring LDAP."
 msgid ""
 "This manual page provides information about the systemtap functionality in "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 "</citerefentry>."
 msgstr ""
-"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu "
-"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:32
@@ -14955,10 +14975,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "realm name"
 msgid "probe $name"
-msgstr "nom real"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
@@ -15154,16 +15172,11 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
 #: sssd-systemtap.5.xml:293
-#, fuzzy, no-wrap
-#| msgid ""
-#| "fallback_homedir = /home/%u\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "filter:string\n"
 "                       "
 msgstr ""
-"fallback_homedir = /home/%u\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:262
@@ -15460,10 +15473,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:76
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout"
-msgstr "dns_resolver_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:80
@@ -15472,10 +15483,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_timeout"
-msgstr "dns_resolver_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -15487,31 +15496,18 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:67
-#, fuzzy
-#| msgid ""
-#| "All of the common configuration options that apply to SSSD domains also "
-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
-#| "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This section lists the available tunables. Please refer to their description "
 "in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
-"Totes les opcions comunes de configuració que s'apliquen als dominis SSD "
-"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS "
-"DE DOMINI</quote> de la pàgina de manual de <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> per a tots els detalls.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -16406,6 +16402,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
@@ -16508,23 +16521,3 @@ msgstr ""
 #: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
-
-#~ msgid ""
-#~ "Determines if a domain can be enumerated. This parameter can have one of "
-#~ "the following values:"
-#~ msgstr ""
-#~ "Determina si un domini pot ser enumerat. Aquest paràmetre pot tenir un "
-#~ "dels valors següents:"
-
-#~ msgid ""
-#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-#~ "running."
-#~ msgstr ""
-#~ "<command>sss_debuglevel</command> canvia el nivell de depuració del "
-#~ "monitor i dels proveïdors de l'SSSD monitor al "
-#~ "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable> mentre s'està "
-#~ "executant l'SSSD."
-
-#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-#~ msgstr "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable>"
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index 7029a11..e5af85a 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -7,10 +7,10 @@
 # Zdenek <chmelarz@gmail.com>, 2017. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2017-09-11 08:53-0400\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2017-09-11 08:53+0000\n"
 "Last-Translator: Zdenek <chmelarz@gmail.com>\n"
 "Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/"
 "cs/)\n"
@@ -19,7 +19,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -90,7 +90,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "VOLBY"
@@ -187,7 +187,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -295,11 +295,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -316,8 +317,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -351,7 +352,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
@@ -367,7 +368,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -415,19 +416,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr ""
 
@@ -447,7 +448,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -467,12 +468,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -480,39 +481,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -636,9 +637,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -816,21 +817,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -846,12 +848,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -860,22 +862,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -885,17 +887,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -905,18 +907,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -924,24 +926,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -949,12 +951,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -966,58 +968,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1025,7 +1027,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1035,7 +1037,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1044,17 +1046,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1062,34 +1064,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1098,7 +1101,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1107,41 +1110,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1149,23 +1152,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1173,47 +1176,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1221,112 +1224,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1337,96 +1340,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1434,59 +1437,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1495,61 +1498,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1557,7 +1560,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1566,17 +1569,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1584,26 +1587,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1613,74 +1621,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1688,19 +1696,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1708,12 +1716,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1721,58 +1729,80 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+msgid "Default:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1783,24 +1813,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1810,22 +1840,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1833,68 +1863,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1905,7 +1944,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1916,24 +1955,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1941,12 +1980,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1955,24 +1994,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1982,66 +2021,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2049,17 +2088,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2067,7 +2106,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2075,22 +2114,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2099,14 +2138,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2115,38 +2154,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2155,24 +2194,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2181,29 +2220,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2217,14 +2256,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2233,39 +2272,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2274,19 +2313,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2297,151 +2336,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2449,24 +2488,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2475,17 +2514,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2494,33 +2533,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2528,8 +2576,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2538,8 +2586,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2547,19 +2595,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2568,7 +2616,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2576,22 +2624,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2603,7 +2651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2611,19 +2659,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2631,7 +2679,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2639,30 +2687,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2670,19 +2723,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2691,7 +2744,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2699,29 +2752,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2729,7 +2782,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2737,35 +2790,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2773,32 +2826,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2809,7 +2862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2818,12 +2871,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2831,7 +2884,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2839,31 +2892,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2871,7 +2924,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2880,17 +2933,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2898,43 +2951,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2942,7 +2995,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2950,7 +3003,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2958,24 +3011,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2983,12 +3036,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2998,7 +3051,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3008,29 +3061,29 @@ msgstr ""
 
 # auto translated by TM merge from project: Fedora Websites, version: fedorahosted.org, DocId: po/fedorahosted
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3038,7 +3091,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3046,66 +3099,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3114,77 +3167,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3192,7 +3245,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3200,17 +3253,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3218,34 +3271,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3253,32 +3306,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3288,34 +3341,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3323,12 +3376,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3336,26 +3389,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3363,7 +3416,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3372,7 +3425,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3380,29 +3433,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3410,12 +3463,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3424,12 +3477,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3437,19 +3490,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3466,7 +3519,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3474,17 +3527,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3493,7 +3546,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3503,7 +3556,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3523,12 +3576,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3536,73 +3589,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3610,17 +3663,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3629,17 +3682,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3647,17 +3700,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3665,17 +3718,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3686,64 +3739,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3773,7 +3826,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3782,7 +3835,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3790,7 +3843,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3838,7 +3891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3939,7 +3992,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -5754,7 +5807,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6826,8 +6879,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6854,8 +6907,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6890,7 +6943,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7301,7 +7354,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7398,23 +7451,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7426,12 +7480,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7439,7 +7493,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7452,172 +7506,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7625,62 +7679,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7688,17 +7742,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7707,145 +7761,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7853,7 +7907,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7865,7 +7919,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7874,7 +7928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7884,12 +7938,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7897,40 +7951,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7938,19 +7992,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7960,17 +8014,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7978,19 +8032,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -7998,19 +8052,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8018,12 +8072,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8031,19 +8085,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8051,116 +8105,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8170,12 +8224,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8296,7 +8350,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8311,7 +8365,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8326,12 +8380,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8352,12 +8406,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8381,17 +8435,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8399,7 +8453,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8409,7 +8463,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8426,7 +8480,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8439,12 +8493,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8463,50 +8517,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8617,26 +8671,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8655,7 +8709,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -9075,11 +9129,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9087,38 +9143,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9126,7 +9182,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9134,7 +9190,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9142,19 +9198,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9162,26 +9218,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9189,19 +9245,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9212,12 +9268,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9226,7 +9282,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9235,7 +9291,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9244,14 +9300,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9264,7 +9320,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9273,7 +9329,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9291,24 +9347,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9317,7 +9373,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9326,12 +9382,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9341,14 +9397,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9356,7 +9412,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9369,23 +9425,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9393,22 +9449,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9416,12 +9472,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9429,14 +9485,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9444,7 +9500,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9456,78 +9512,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9535,7 +9591,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9543,7 +9599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9551,7 +9607,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9563,22 +9619,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9586,7 +9642,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9594,7 +9650,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9602,7 +9658,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9614,22 +9670,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9637,14 +9693,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9652,7 +9708,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9664,17 +9720,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9682,14 +9738,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9697,7 +9753,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9708,19 +9764,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9728,7 +9784,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9740,39 +9796,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9780,12 +9836,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9798,57 +9854,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9856,17 +9912,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9876,12 +9932,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9892,19 +9948,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9914,12 +9970,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9927,7 +9983,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9942,7 +9998,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9951,7 +10007,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9959,7 +10015,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9969,15 +10025,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10486,7 +10542,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12508,19 +12564,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12721,25 +12857,61 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+msgid "Default: /etc/passwd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+msgid "Default: /etc/group"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13508,7 +13680,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14359,7 +14531,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15197,6 +15369,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/de.po b/src/man/po/de.po
index 3d1d87a..9b41d8b 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -8,10 +8,10 @@
 # Mario Blättermann <mario.blaettermann@gmail.com>, 2014
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-14 11:53-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-14 11:53+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
 "de/)\n"
@@ -20,7 +20,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -96,7 +96,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPTIONEN"
@@ -208,8 +208,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
+#, fuzzy
+#| msgid ""
+#| "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+#| "(<quote>;</quote>).  Inline comments are not supported."
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 "Eine Kommentarzeile beginnt mit einem Rautenzeichen (»#«) oder einem "
@@ -324,11 +328,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Voreinstellung: »true«"
 
@@ -345,8 +350,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -380,7 +385,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Voreinstellung: 10"
@@ -396,7 +401,7 @@ msgid "The [sssd] section"
 msgstr "Der Abschnitt [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Abschnittsparameter"
 
@@ -450,12 +455,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -465,7 +470,7 @@ msgstr ""
 "startet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Voreinstellung: 3"
 
@@ -485,7 +490,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (Zeichenkette)"
 
@@ -508,12 +513,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -525,32 +530,32 @@ msgstr ""
 "zusammengestellt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr "Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -559,7 +564,7 @@ msgstr ""
 "direkt konfiguriert als auch über IPA-Trust"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -713,9 +718,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -893,21 +898,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr "Voreinstellung: Nicht gesetzt"
 
@@ -929,12 +935,12 @@ msgstr ""
 "verwendet. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "DIENSTABSCHNITTE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -947,22 +953,22 @@ msgstr ""
 "Abschnitt zum Beispiel <quote>[nss]</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "Allgemeine Optionen zum Konfigurieren von Diensten"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -978,17 +984,17 @@ msgstr ""
 "Begrenzung in der »limit.conf« sein."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -998,18 +1004,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "Voreinstellung: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1017,24 +1023,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1042,12 +1048,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1059,30 +1065,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Voreinstellung: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr "NSS-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1090,12 +1096,12 @@ msgstr ""
 "benutzt werden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1104,17 +1110,17 @@ msgstr ""
 "über alle Nutzer) zwischenspeichern?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Voreinstellung: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1126,7 +1132,7 @@ msgstr ""
 "werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1143,7 +1149,7 @@ msgstr ""
 "Zwischenspeicheraktualisierung zu warten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1156,17 +1162,17 @@ msgstr ""
 "Sekunden senken. (0 schaltet diese Funktionalität aus.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "Voreinstellung: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1178,34 +1184,37 @@ msgstr ""
 "Backend erneut gefragt wird)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Voreinstellung: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Voreinstellung: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "Voreinstellung: 86400 (24 Stunden)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1214,7 +1223,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1223,17 +1232,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "Voreinstellung: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1241,12 +1250,12 @@ msgstr ""
 "setzen Sie diese Option auf »false«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1255,7 +1264,7 @@ msgstr ""
 "es nicht explizit durch den Datenanbieter der Domain angegeben wurde."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1263,7 +1272,7 @@ msgstr ""
 "»override_homedir«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1273,25 +1282,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-"
 "Verzeichnisse)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr "override_shell (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1302,19 +1311,19 @@ msgstr ""
 "entweder im Abschnitt [nss] oder für jede Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert "
 "benutzen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1322,12 +1331,12 @@ msgstr ""
 "Reihenfolge der Auswertung ist:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1336,7 +1345,7 @@ msgstr ""
 "shells« steht, wird der Wert des Parameters »shell_fallback« verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1345,12 +1354,12 @@ msgstr ""
 "steht, wird eine Nicht-Login-Shell benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1358,13 +1367,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 "Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1373,28 +1382,28 @@ msgstr ""
 "Fall einer neu installierten Shell ein Neustart von SSSD nötig ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1402,17 +1411,17 @@ msgstr ""
 "auf dem Rechner installiert ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "Voreinstellung: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1422,7 +1431,7 @@ msgstr ""
 "jede Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1432,12 +1441,12 @@ msgstr ""
 "Vernünftiges, üblicherweise /bin/sh, ersetzt.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1446,38 +1455,38 @@ msgstr ""
 "gültig erachtet wird."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1488,48 +1497,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "Diese Option kann auch pro Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr "PAM-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1538,12 +1547,12 @@ msgstr ""
 "Authentication Module« (PAM) einzurichten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1553,17 +1562,17 @@ msgstr ""
 "erfolgreichen Anmeldung)?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "Voreinstellung: 0 (unbegrenzt)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1572,12 +1581,12 @@ msgstr ""
 "Authentifizierungsanbieter offline ist?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1587,7 +1596,7 @@ msgstr ""
 "Anmeldeversuch möglich ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1599,17 +1608,17 @@ msgstr ""
 "Authentifizierung reaktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "Voreinstellung: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1618,43 +1627,43 @@ msgstr ""
 "angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr "Derzeit unterstützt SSSD folgende Werte:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Voreinstellung: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1663,61 +1672,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1729,7 +1738,7 @@ msgstr ""
 "den neusten Informationen erfolgt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1743,17 +1752,17 @@ msgstr ""
 "viele Abfragen der Identitätsanbieter zu vermeiden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1764,7 +1773,7 @@ msgstr ""
 "SSSD keine Warnung anzeigen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1774,7 +1783,7 @@ msgstr ""
 "automatisch angezeigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1782,13 +1791,18 @@ msgstr ""
 "Diese Einstellung kann durch Setzen von <emphasis>pwd_expiration_warning</"
 "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Voreinstellung: 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1798,74 +1812,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr "Voreinstellung: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1873,19 +1887,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1893,12 +1907,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1906,58 +1920,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Voreinstellung: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Voreinstellung: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr "Sudo-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1975,12 +2013,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -1990,14 +2028,12 @@ msgstr ""
 "nicht."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "ldap_deref_threshold (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "ldap_deref_threshold (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2007,23 +2043,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr "AUTOFS-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 "Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2034,23 +2070,23 @@ msgstr ""
 "nicht existierende), bevor das Backend erneut befragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr "SSH-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 "Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2059,12 +2095,12 @@ msgstr ""
 "»known_hosts« zusammengemischt werden oder nicht."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2073,34 +2109,53 @@ msgstr ""
 "»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr "Voreinstellung: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
+#, fuzzy
+#| msgid ""
+#| "The skeleton directory, which contains files and directories to be copied "
+#| "in the user's home directory, when the home directory is created by "
+#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>"
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+"die Verzeichnisvorlage, die Dateien und Verzeichnisse enthält, die in das "
+"Home-Verzeichnis des Benutzers kopiert werden, wenn das Home-Verzeichnis "
+"durch <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> erstellt wird"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr "PAC-Responder-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2111,7 +2166,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2122,7 +2177,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2131,18 +2186,18 @@ msgstr ""
 "diesen Gruppen hinzugefügt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2153,14 +2208,14 @@ msgstr ""
 "beim Starten zu UIDs aufgelöst."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
 "Responder gestattet.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2173,34 +2228,24 @@ msgstr ""
 "der Liste der erlaubten UIDs auch die 0 hinzufügen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "PAC responder configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "PAC-Responder-Konfigurationsoptionen"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2208,98 +2253,68 @@ msgid ""
 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 msgstr ""
-"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
-"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "sudo_provider (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "sudo_provider (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
-#, fuzzy
-#| msgid "none"
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
-msgstr "none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this user to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"hängt diesen Benutzer an die Gruppen an, die durch den Parameter "
-"<replaceable>GRUPPEN</replaceable> angegeben werden. Der Parameter "
-"<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste "
-"von Gruppennamen."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: none"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Voreinstellung: none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "skel_dir (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2307,21 +2322,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
-#, fuzzy
-#| msgid "Default: empty, i.e. ldap_uri is used."
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
-msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "ldap_group_name (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "ldap_group_name (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2329,7 +2340,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2337,22 +2348,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "DOMAIN-ABSCHNITTE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2361,14 +2372,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2377,31 +2388,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2410,7 +2421,7 @@ msgstr ""
 "enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2423,7 +2434,7 @@ msgstr ""
 "werden jene, die im Bereich liegen, wie erwartet gemeldet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -2432,17 +2443,17 @@ msgstr ""
 "den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr "enumerate (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2451,38 +2462,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Benutzer und Gruppen werden aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = keine Aufzählungen für diese Domain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "Voreinstellung: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
-#, fuzzy
-#| msgid ""
-#| "Note: Enabling enumeration has a moderate performance impact on SSSD "
-#| "while enumeration is running. It may take up to several minutes after "
-#| "SSSD startup to fully complete enumerations.  During this time, "
-#| "individual requests for information will go directly to LDAP, though it "
-#| "may be slow, due to the heavy enumeration processing. Saving a large "
-#| "number of entries to cache after the enumeration completes might also be "
-#| "CPU intensive as the memberships have to be recomputed."
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2494,17 +2496,9 @@ msgid ""
 "quote> process becoming unresponsive or even restarted by the internal "
 "watchdog."
 msgstr ""
-"Hinweis: Aktivieren der Aufzählung hat mäßige Auswirkungen auf die Leistung "
-"von SSSD, während die Aufzählung läuft. Das Vervollständigen der "
-"Aufzählungen kann nach dem Start von SSSD mehrere Minuten dauern. Während "
-"dieser Zeit werden individuelle Abfragen von Informationen direkt an LDAP "
-"gehen, obwohl es aufgrund des Aufzählungsprozesses möglicherweise langsam "
-"ist. Speichern einer großen Menge von Einträgen in den Zwischenspeicher, "
-"nachdem die Aufzählung vollständig ist, kann ebenfalls CPU-lastig sein, da "
-"die Mitgliedschaften neu berechnet werden müssen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2514,7 +2508,7 @@ msgstr ""
 "Ergebnisse zurück."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2529,7 +2523,7 @@ msgstr ""
 "benutzten »id_provider«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2538,32 +2532,32 @@ msgstr ""
 "insbesondere in großen Umgebungen, nicht empfohlen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2577,12 +2571,12 @@ msgstr ""
 "Domains aktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2591,7 +2585,7 @@ msgstr ""
 "soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2609,17 +2603,17 @@ msgstr ""
 "wurden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "Voreinstellung: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2628,19 +2622,19 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr "Voreinstellung: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2649,12 +2643,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2663,12 +2657,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2677,12 +2671,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2691,12 +2685,12 @@ msgstr ""
 "bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2706,24 +2700,24 @@ msgstr ""
 "wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -2733,49 +2727,49 @@ msgstr ""
 "abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu "
 "setzen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr "Voreinstellung: 0 (deaktiviert)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher "
 "zwischengespeichert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext "
 "gespeichert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2783,24 +2777,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2813,17 +2807,17 @@ msgstr ""
 "Parameters muss größer oder gleich »offline_credentials_expiration« sein."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Voreinstellung: 0 (unbegrenzt)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2836,17 +2830,17 @@ msgstr ""
 "Authentifizierungsanbieter konfiguriert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr "id_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2854,17 +2848,38 @@ msgstr ""
 "werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+#, fuzzy
+#| msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "»proxy«: unterstützt einen veralteten NSS-Anbieter."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+#, fuzzy
+#| msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+"»ldap«: LDAP-Anbieter: Weitere Informationen über die Konfiguration von LDAP "
+"finden Sie unter <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2875,8 +2890,8 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2889,8 +2904,8 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2902,12 +2917,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2917,7 +2932,7 @@ msgstr ""
 "Benutzers, der an NSS gemeldet wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2931,7 +2946,7 @@ msgstr ""
 "test@LOCAL</command> würde ihn hingegen finden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2943,22 +2958,22 @@ msgstr ""
 "nicht voll qualifizierter Name angefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2970,7 +2985,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2978,12 +2993,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr "auth_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2992,7 +3007,7 @@ msgstr ""
 "Authentifizierungsanbieter werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3003,7 +3018,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3015,19 +3030,24 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 "»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "»none« deaktiviert explizit die Authentifizierung."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -3036,12 +3056,12 @@ msgstr ""
 "mit Authentifizierungsanfragen umgehen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr "access_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3052,7 +3072,7 @@ msgstr ""
 "Backends enthalten sind). Interne Spezialanbieter sind:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -3061,12 +3081,12 @@ msgstr ""
 "für eine lokale Domain."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr "»deny« verweigert dem Zugriff immer."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3079,7 +3099,7 @@ msgstr ""
 "simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3087,22 +3107,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr "Voreinstellung: »permit«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -3111,7 +3131,7 @@ msgstr ""
 "Folgende Anbieter von Passwortänderungen werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3119,7 +3139,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3131,19 +3151,19 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 "»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "»none« verbietet explizit Passwortänderungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3152,19 +3172,19 @@ msgstr ""
 "kann mit Passwortänderungsanfragen umgehen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden "
 "unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3175,7 +3195,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -3184,7 +3204,7 @@ msgstr ""
 "Vorgabeeinstellungen für IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -3193,19 +3213,19 @@ msgstr ""
 "Vorgabeeinstellungen für AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "»none« deaktiviert explizit Sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3222,7 +3242,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3231,12 +3251,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3247,7 +3267,7 @@ msgstr ""
 "Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3259,12 +3279,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3273,12 +3293,12 @@ msgstr ""
 "kann SELinux-Ladeanfragen handhaben."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3288,7 +3308,7 @@ msgstr ""
 "werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3300,7 +3320,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3309,19 +3329,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "»none« deaktiviert explizit das Abholen von Subdomains."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "selinux_provider (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "selinux_provider (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3329,43 +3347,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "selinux loading requests."
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
-"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt. Er "
-"kann SELinux-Ladeanfragen handhaben."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3373,7 +3385,7 @@ msgstr ""
 "»autofs« werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3385,7 +3397,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3397,7 +3409,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3405,17 +3417,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "»none« deaktiviert explizit »autofs«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3424,7 +3436,7 @@ msgstr ""
 "wird. Folgende Anbieter von »hostid« werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3436,12 +3448,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "»none« deaktiviert explizit »hostid«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3456,7 +3468,7 @@ msgstr ""
 "(NetBIOS-) Namen der Domain entsprechen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3468,22 +3480,22 @@ msgstr ""
 "P&lt;Name&gt;[^@\\\\]+)$))« "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr "Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr "Benutzername@Domain.Name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr "Domain\\Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3493,7 +3505,7 @@ msgstr ""
 "Windows-Domains zu ermöglichen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3503,7 +3515,7 @@ msgstr ""
 "bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3515,7 +3527,7 @@ msgstr ""
 "eindeutig benannte Musterteile unterstützen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3524,17 +3536,17 @@ msgstr ""
 "Beschriftungsmusterteile nur die Python-Syntax (?P&lt;Name&gt;)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Voreinstellung: »%1$s@%2$s«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3542,82 +3554,73 @@ msgstr ""
 "ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "unterstützte Werte:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse "
 "nachzuschlagen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse "
 "nachzuschlagen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr "Voreinstellung: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
-#, fuzzy
-#| msgid ""
-#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
-#| "resolver before assuming that it is unreachable. If this timeout is "
-#| "reached, the domain will continue to operate in offline mode."
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
 "If this timeout is reached, the domain will continue to operate in offline "
 "mode."
 msgstr ""
-"definiert die Zeit (in Sekunden), die auf eine Antwort vom DNS-Resolver "
-"gewartet werden soll, bevor davon ausgegangen wird, dass er nicht erreichbar "
-"ist. Falls diese Zeitüberschreitung auftritt, wird die Domain weiterhin im "
-"Offline-Modus arbeiten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Voreinstellung: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3626,52 +3629,52 @@ msgstr ""
 "DNS-Dienstabfrage an."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr "override_gid (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr "überschreibt die Haupt-GID mit der angegebenen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3679,7 +3682,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3687,17 +3690,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3705,34 +3708,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3740,32 +3743,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "flacher (NetBIOS-) Name einer Subdomain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3780,7 +3783,7 @@ msgstr ""
 "verwendet werden.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -3788,17 +3791,17 @@ msgstr ""
 "überschrieben werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Voreinstellung: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -3806,12 +3809,12 @@ msgstr ""
 "Kennzeichnungen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3819,12 +3822,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3832,28 +3835,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "autofs_provider (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "autofs_provider (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3861,7 +3862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3870,7 +3871,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3882,17 +3883,17 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr "das Proxy-Ziel, an das PAM weiterleitet"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3902,12 +3903,12 @@ msgstr ""
 "hinzufügen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3918,12 +3919,12 @@ msgstr ""
 "$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3937,12 +3938,12 @@ msgstr ""
 "veranlassen, die ID im Zwischenspeicher nachzuschlagen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3950,7 +3951,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3959,12 +3960,12 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3981,7 +3982,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3989,17 +3990,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4008,7 +4009,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4018,7 +4019,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4038,12 +4039,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr "Der Abschnitt lokale Domain"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -4054,29 +4055,29 @@ msgstr ""
 "<replaceable>ID_Anbieter=lokal</replaceable> benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr "default_shell (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den "
 "Benutzerbereich erstellt wurde."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Voreinstellung: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr "base_directory (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -4085,17 +4086,17 @@ msgstr ""
 "replaceable> und benutzen dies als Home-Verzeichnis."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "Voreinstellung: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr "create_homedir (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -4104,17 +4105,17 @@ msgstr ""
 "werden soll; kann auf der Befehlszeile überschrieben werden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "Voreinstellung: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -4123,12 +4124,12 @@ msgstr ""
 "entfernt werden soll; kann auf der Befehlszeile überschrieben werden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -4139,17 +4140,17 @@ msgstr ""
 "Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "Voreinstellung: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr "skel_dir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -4162,17 +4163,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry> erstellt wird"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Voreinstellung: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr "mail_dir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -4183,17 +4184,17 @@ msgstr ""
 "wurde. Ist dies nicht angegeben wird ein Standardwert verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Voreinstellung: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -4205,17 +4206,17 @@ msgstr ""
 "berücksichtigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4226,64 +4227,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4337,26 +4338,16 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
-#, fuzzy
-#| msgid ""
-#| "The following example shows a typical SSSD config. It does not describe "
-#| "configuration of the domains themselves - refer to documentation on "
-#| "configuring domains for more details.  <placeholder type=\"programlisting"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
-"Das folgende Beispiel zeigt eine typische SSSD-Konfiguration. Sie beschreibt "
-"nicht die Konfiguration der Domains selbst – weitere Einzelheiten finden Sie "
-"in der Dokumentation zum Konfigurieren von Domains. <placeholder type="
-"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -4364,7 +4355,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -4426,7 +4417,7 @@ msgstr ""
 "unter »ldap_access_filter«."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4550,7 +4541,7 @@ msgstr ""
 "rfc/rfc2254.txt spezifiziert, sein."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "Beispiele:"
@@ -5474,62 +5465,36 @@ msgstr "Voreinstellung: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_user_authorized_rhost (string)"
-msgstr "ldap_user_authorized_host (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-#, fuzzy
-#| msgid ""
-#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-#| "presence of the host attribute in the user's LDAP entry to determine "
-#| "access privilege."
 msgid ""
 "If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
 "presence of the rhost attribute in the user's LDAP entry to determine access "
 "privilege. Similarly to host verification process."
 msgstr ""
-"Falls »access_provider=ldap« und »ldap_access_order=host« benutzt werden, "
-"wird SSSD die Anwesenheit das Attributs »host« im LDAP-Eintrag den Benutzers "
-"verwenden, um die Zugriffsrechte zu bestimmen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:843
-#, fuzzy
-#| msgid ""
-#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
-#| "explicit allow (host) and finally for allow_all (*)."
 msgid ""
 "An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
 "explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
-"Ein explizites Verweigern (»!host«) wird zuerst aufgelöst. Als Zweites sucht "
-"SSSD eine explizite Erlaubnis (»host«) und zuletzt nach »allow_all« (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:848
-#, fuzzy
-#| msgid ""
-#| "Please note that the ldap_access_order configuration option "
-#| "<emphasis>must</emphasis> include <quote>host</quote> in order for the "
-#| "ldap_user_authorized_host option to work."
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>rhost</quote> in order for the "
 "ldap_user_authorized_rhost option to work."
 msgstr ""
-"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« »host« "
-"enthalten <emphasis>muss</emphasis>, damit die Option "
-"»ldap_user_authorized_host« funktioniert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: rhost"
-msgstr "Voreinstellung: host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5543,10 +5508,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: userCertificate;binary"
-msgstr "Voreinstellung: filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5925,17 +5888,13 @@ msgstr "ldap_netgroup_modify_timestamp (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1216
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_host_object_class (string)"
-msgstr "ldap_user_object_class (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a host entry in LDAP."
-msgstr "die Objektklasse eines Benutzereintrags in LDAP"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
@@ -5944,76 +5903,55 @@ msgstr "Voreinstellung: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "ad_hostname (string)"
 msgid "ldap_host_name (string)"
-msgstr "ad_hostname (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the host's name."
-msgstr "das LDAP-Attribut, das dem Gruppennamen entspricht"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1241
-#, fuzzy
-#| msgid "ldap_sudo_hostnames (string)"
 msgid "ldap_host_fqdn (string)"
-msgstr "ldap_sudo_hostnames (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1244
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's full name."
 msgid ""
 "The LDAP attribute that corresponds to the host's fully-qualified domain "
 "name."
-msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: cn"
 msgid "Default: fqdn"
-msgstr "Voreinstellung: cn"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_host_serverhostname (string)"
-msgstr "ldap_dns_service_name (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: sudoHost"
 msgid "Default: serverHostname"
-msgstr "Voreinstellung: sudoHost"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_host_member_of (string)"
-msgstr "ldap_user_member_of (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1270
-#, fuzzy
-#| msgid "The LDAP attribute that lists the user's group memberships."
 msgid "The LDAP attribute that lists the host's group memberships."
 msgstr ""
-"das LDAP-Attribut, das die Gruppenmitgliedschaften des Benutzers aufführt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1280
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ldap_host_search_base (string)"
-msgstr "ipa_host_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1283
@@ -6039,32 +5977,23 @@ msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1299
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_host_ssh_public_key (string)"
-msgstr "ldap_user_ssh_public_key (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1302
-#, fuzzy
-#| msgid "The LDAP attribute that contains the user's SSH public keys."
 msgid "The LDAP attribute that contains the host's SSH public keys."
 msgstr ""
-"das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Benutzers enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1312
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
 msgid "ldap_host_uuid (string)"
-msgstr "ldap_sasl_authid (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1315
-#, fuzzy
-#| msgid "The LDAP attribute that contains the port managed by this service."
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
-msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1325
@@ -6723,7 +6652,7 @@ msgstr ""
 "gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "Voreinstellung: 86400 (24 Stunden)"
 
@@ -7241,15 +7170,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2237
-#, fuzzy
-#| msgid ""
-#| "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
-"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
-"ob Zugriff gewährt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2241
@@ -7397,10 +7321,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "ldap_opt_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -7984,8 +7906,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "BEISPIEL"
 
@@ -8015,8 +7937,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -8051,7 +7973,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ANMERKUNGEN"
 
@@ -8560,7 +8482,7 @@ msgstr ""
 "Lokale Gruppen werden nicht ausgewertet."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8677,23 +8599,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -8705,12 +8628,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -8718,7 +8641,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -8731,172 +8654,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -8904,62 +8827,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -8967,17 +8890,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -8986,145 +8909,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -9132,7 +9055,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -9144,7 +9067,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -9153,7 +9076,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -9163,12 +9086,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -9176,40 +9099,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -9217,19 +9140,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -9239,17 +9162,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -9257,19 +9180,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -9277,19 +9200,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -9297,12 +9220,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -9310,19 +9233,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -9330,116 +9253,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -9449,12 +9372,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -9590,21 +9513,14 @@ msgstr "ipa_hostname (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:119
-#, fuzzy
-#| msgid ""
-#| "Optional. May be set on machines where the hostname(5) does not reflect "
-#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host.  The "
 "hostname must be fully qualified."
 msgstr ""
-"optional, kann auf Maschinen, bei denen »hostname(5)« nicht den voll "
-"qualifizierten Namen in der IPA-Domain widerspiegelt, benutzt werden, um sie "
-"zu identifizieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (Boolesch)"
 
@@ -9619,7 +9535,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9641,12 +9557,12 @@ msgstr ""
 "Konfigurationsdatei migrieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9675,12 +9591,12 @@ msgid "Default: 1200 (seconds)"
 msgstr "Voreinstellung: 1200 (Sekunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -9708,17 +9624,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9726,7 +9642,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -9736,7 +9652,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche"
 
@@ -9761,7 +9677,7 @@ msgstr ""
 "gefundenen als Sicherungsserver."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (Ganzzahl)"
 
@@ -9777,12 +9693,12 @@ msgstr ""
 "Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9807,12 +9723,12 @@ msgid "Default: False (disabled)"
 msgstr "Voreinstellung: False (deaktiviert)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -9821,59 +9737,52 @@ msgstr ""
 "DNS-Server verwenden soll"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:317
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ipa_deskprofile_search_base (string)"
-msgstr "ipa_host_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:320
-#, fuzzy
-#| msgid ""
-#| "Optional. Use the given string as search base for HBAC related objects."
 msgid ""
 "Optional. Use the given string as search base for Desktop Profile related "
 "objects."
 msgstr ""
-"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-"
-"bezogene Objekte"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:324 sssd-ipa.5.xml:337
@@ -9983,86 +9892,64 @@ msgstr ""
 "zu verwenden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "ipa_hbac_refresh (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "ipa_hbac_refresh (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server. This will reduce the latency and load on the IPA server if there "
 "are many desktop profiles requests made in a short period."
 msgstr ""
-"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
-"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
-"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr "Voreinstellung: 5 (Sekunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:477
-#, fuzzy
-#| msgid "ldap_sudo_full_refresh_interval (integer)"
 msgid "ipa_deskprofile_request_interval (integer)"
-msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:480
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server in case the last request did not return any rule."
 msgstr ""
-"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
-"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
-"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 900 (15 minutes)"
 msgid "Default: 60 (minutes)"
-msgstr "Voreinstellung: 900 (15 Minuten)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -10482,16 +10369,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:85
-#, fuzzy
-#| msgid ""
-#| "By default, the AD provider will map UID and GID values from the "
-#| "objectSID parameter in Active Directory. For details on this, see the "
-#| "<quote>ID MAPPING</quote> section below. If you want to disable ID "
-#| "mapping and instead rely on POSIX attributes defined in Active Directory, "
-#| "you should set <placeholder type=\"programlisting\" id=\"0\"/> In order "
-#| "to retrieve users and groups using POSIX attributes from trusted domains, "
-#| "the AD administrator must make sure that the POSIX attributes are "
-#| "replicated to the Global Catalog."
 msgid ""
 "By default, the AD provider will map UID and GID values from the objectSID "
 "parameter in Active Directory. For details on this, see the <quote>ID "
@@ -10505,20 +10382,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
-msgstr ""
-"Standardmäßig bildet der Active-Directory-Anbieter die Werte für Benutzer- "
-"und Gruppen-ID des objectSID-Parameters in Active Directory ab. Details "
-"hierzu finden Sie im nachfolgenden Abschnitt <quote>ID-ABBILDUNG</quote>. "
-"Falls Sie die ID-Abbildung deaktivieren und stattdessen die in Active "
-"Directory definierten POSIX-Attribute verwenden wollen, sollten Sie "
-"<placeholder type=\"programlisting\" id=\"0\"/> setzen. Um Benutzer und "
-"Gruppen von vertrauenswürdigen Domains mittels POSIX-Attributen abfragen zu "
-"können, muss der AD-Administrator sicherstellen, dass die POSIX-Attribute im "
-"Globalen Katalog repliziert werden."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -10529,12 +10399,12 @@ msgstr ""
 "Implementation in Active Directory zu gewährleisten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr "ad_domain (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
@@ -10543,7 +10413,7 @@ msgstr ""
 "nicht angegeben, wird der Name der konfigurierten Domain benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
@@ -10553,7 +10423,7 @@ msgstr ""
 "angegeben werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
@@ -10562,12 +10432,12 @@ msgstr ""
 "SSSD automatisch ermittelt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -10575,7 +10445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -10583,7 +10453,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -10591,19 +10461,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr "ad_server, ad_backup_server (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -10611,26 +10481,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr "ad_hostname (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -10641,7 +10511,7 @@ msgstr ""
 "werden, um sie zu identifizieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
@@ -10651,12 +10521,12 @@ msgstr ""
 "ausgegeben wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr "ad_enable_dns_sites (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -10674,12 +10544,12 @@ msgstr ""
 "Aufdeckung verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr "ad_access_filter (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -10692,7 +10562,7 @@ msgstr ""
 "quote> gesetzt werden muss, damit sie wirksam ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -10705,7 +10575,7 @@ msgstr ""
 "<quote>FOREST</quote> sein oder auch weggelassen werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -10719,7 +10589,7 @@ msgstr ""
 "<quote>NAME</quote> angegeben ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
@@ -10728,7 +10598,7 @@ msgstr ""
 "so wie es auch in Suchmaschinen üblich ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -10741,7 +10611,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -10755,7 +10625,7 @@ msgstr ""
 "der erste verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -10773,24 +10643,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr "ad_enable_gc (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -10804,7 +10674,7 @@ msgstr ""
 "dem LDAP-Port des aktuellen Servers."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -10819,12 +10689,12 @@ msgstr ""
 "können."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr "ad_gpo_access_control (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -10838,7 +10708,7 @@ msgstr ""
 "auf <quote>ad</quote> gesetzt werden muss, damit sie wirksam ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
@@ -10848,7 +10718,7 @@ msgstr ""
 "anmelden darf."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -10856,7 +10726,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -10879,12 +10749,12 @@ msgstr ""
 "»enforcing« gesetzt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr "Für diese Option werden drei Werte unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
@@ -10892,14 +10762,14 @@ msgstr ""
 "deren Anwendung erzwungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 "enforcing: GPO-basierte Zugriffskontrollregeln werden sowohl ausgewertet als "
 "auch deren Anwendung erzwungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -10911,22 +10781,22 @@ msgstr ""
 "verweigert werden würde, wenn die Option auf »enforcing« gesetzt wäre."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr "Voreinstellung: permissive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -10934,12 +10804,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -10947,14 +10817,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -10962,7 +10832,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10974,78 +10844,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -11053,7 +10923,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -11061,7 +10931,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -11069,7 +10939,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11081,22 +10951,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -11104,7 +10974,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -11112,7 +10982,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -11120,7 +10990,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11132,22 +11002,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -11155,14 +11025,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -11170,7 +11040,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11182,17 +11052,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -11200,14 +11070,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -11215,7 +11085,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -11226,19 +11096,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -11246,7 +11116,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11258,39 +11128,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -11298,12 +11168,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -11316,57 +11186,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -11374,17 +11244,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -11394,12 +11264,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -11417,19 +11287,19 @@ msgstr ""
 "»dyndns_iface« angegeben wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr "Voreinstellung: 3600 (Sekunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -11439,12 +11309,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr "Voreinstellung: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -11456,7 +11326,7 @@ msgstr ""
 "Optionen von AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -11480,7 +11350,7 @@ msgstr ""
 "ad_domain = example.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -11492,7 +11362,7 @@ msgstr ""
 "ldap_account_expire_policy = ad\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -11503,7 +11373,7 @@ msgstr ""
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -11513,15 +11383,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11930,10 +11800,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>Modus</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -11945,41 +11813,24 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:112
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
 "output."
 msgstr ""
-"<emphasis>1</emphasis>: Den Debug-Nachrichten wird ein Zeitstempel "
-"hinzugefügt."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:116
-#, fuzzy
-#| msgid ""
-#| "Send the debug output to files instead of stderr. By default, the log "
-#| "files are stored in <filename>/var/log/sssd</filename> and there are "
-#| "separate log files for every SSSD service and domain."
 msgid ""
 "<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
 "default, the log files are stored in <filename>/var/log/sssd</filename> and "
 "there are separate log files for every SSSD service and domain."
 msgstr ""
-"sendet die Ausgabe der Fehlersuche in Dateien statt auf die "
-"Standardfehlerausgabe. Standardmäßig werden die Protokolldateien in "
-"<filename>/var/log/sssd</filename> gespeichert. Dort gibt es separate "
-"Protokolldateien für jeden SSSD-Dienst und jede Domain."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:122
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
 msgstr ""
-"<emphasis>1</emphasis>: Den Debug-Nachrichten wird ein Zeitstempel "
-"hinzugefügt."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:132
@@ -12182,7 +12033,7 @@ msgstr ""
 "gelesen."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -13975,10 +13826,8 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-#, fuzzy
-#| msgid "change debug level while SSSD is running"
 msgid "[DEPRECATED] change debug level while SSSD is running"
-msgstr "ändert die Debug-Stufe, während SSSD ausgeführt wird."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_debuglevel.8.xml:21
@@ -14550,8 +14399,98 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+#, fuzzy
+#| msgid "client_idle_timeout"
+msgid "p11_child_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> beim Parameter »dns_discovery_domain«."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -14559,12 +14498,12 @@ msgstr ""
 "<replaceable>DOMAIN</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr "EXIT-STATUS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -14786,25 +14725,79 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "passwd_files (string)"
+msgstr "ldap_access_filter (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: password"
+msgid "Default: /etc/passwd"
+msgstr "Voreinstellung: password"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "ldap_netgroup_triple (string)"
+msgid "group_files (string)"
+msgstr "ldap_netgroup_triple (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: nisNetgroup"
+msgid "Default: /etc/group"
+msgstr "Voreinstellung: nisNetgroup"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page for details on the configuration of an SSSD "
+#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Einzelheiten über die Konfiguration einer SSSD-Domain finden Sie im "
+"Abschnitt »DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -14880,18 +14873,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:75
-#, fuzzy
-#| msgid ""
-#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
-#| "permissions on a newly created home directory."
 msgid ""
 "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> service."
 msgstr ""
-"wird von <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> benutzt, um die "
-"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:61
@@ -15051,10 +15036,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "pam_id_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -15583,27 +15566,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-session-recording.5.xml:17
-#, fuzzy
-#| msgid "Configuring sudo to cooperate with SSSD"
 msgid "Configuring session recording with SSSD"
-msgstr "Sudo so konfigurieren, dass es mit SSSD zusammenarbeitet"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
 msgid ""
 "This manual page describes how to configure <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
@@ -15614,12 +15587,6 @@ msgid ""
 "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Diese Handbuchseite beschreibt die Konfiguration des einfachen "
-"Zugriffssteuerungsanbieters für <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche "
-"Syntax-Referenz finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:41
@@ -15643,11 +15610,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure the PAC responder."
 msgid "These options can be used to configure the session recording."
 msgstr ""
-"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -15871,10 +15835,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
@@ -15883,19 +15845,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "The detailed instructions for configuration of sudo_provider are in the "
-#| "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry>."
 msgid ""
 "This manual page provides information about the systemtap functionality in "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 "</citerefentry>."
 msgstr ""
-"Detaillierte Anweisungen zur Konfiguration von sudo_provider finden Sie in "
-"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:32
@@ -15931,10 +15885,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "realm name"
 msgid "probe $name"
-msgstr "Realm-Name"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
@@ -16130,16 +16082,11 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
 #: sssd-systemtap.5.xml:293
-#, fuzzy, no-wrap
-#| msgid ""
-#| "fallback_homedir = /home/%u\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "filter:string\n"
 "                       "
 msgstr ""
-"fallback_homedir = /home/%u\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:262
@@ -16485,10 +16432,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:76
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout"
-msgstr "dns_resolver_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:80
@@ -16497,10 +16442,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_timeout"
-msgstr "dns_resolver_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -16512,30 +16455,18 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:67
-#, fuzzy
-#| msgid ""
-#| "All of the common configuration options that apply to SSSD domains also "
-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
-#| "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This section lists the available tunables. Please refer to their description "
 "in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
-"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten "
-"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt "
-"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder "
-"type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -17554,6 +17485,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
@@ -17656,22 +17604,3 @@ msgstr ""
 #: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
-
-#~ msgid ""
-#~ "Determines if a domain can be enumerated. This parameter can have one of "
-#~ "the following values:"
-#~ msgstr ""
-#~ "bestimmt, ob eine Domain aufgezählt werden kann. Dieser Parameter kann "
-#~ "einen der folgenden Werte haben:"
-
-#~ msgid ""
-#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-#~ "running."
-#~ msgstr ""
-#~ "<command>sss_debuglevel</command> ändert die Debug-Stufe des SSSD-"
-#~ "Überwachungsmonitors und Anbieters auf <replaceable>NEUE_DEBUG_STUFE</"
-#~ "replaceable> während SSSD ausgeführt wird."
-
-#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-#~ msgstr "<replaceable>NEUE_DEBUG_STUFE</replaceable>"
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 4d56219..a2eb32b 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -13,10 +13,10 @@
 # Daniel Cabrera <logan@fedoraproject.org>, 2011
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-14 11:54-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-14 11:54+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
 "es/)\n"
@@ -25,7 +25,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -101,7 +101,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPCIONES"
@@ -212,8 +212,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
+#, fuzzy
+#| msgid ""
+#| "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+#| "(<quote>;</quote>).  Inline comments are not supported."
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 "Una línea de comentario comienza con una almohadilla (<quote>#</quote>) o un "
@@ -329,11 +333,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Predeterminado: true"
 
@@ -350,8 +355,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -385,7 +390,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Predeterminado: 10"
@@ -401,7 +406,7 @@ msgid "The [sssd] section"
 msgstr "La sección [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Parámetros de sección"
 
@@ -451,12 +456,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -465,7 +470,7 @@ msgstr ""
 "de datos del  proveedor, o de reiniciarse antes de abandonar"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Predeterminado: 3"
 
@@ -485,7 +490,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (cadena)"
 
@@ -507,12 +512,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -520,39 +525,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -703,9 +708,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -883,21 +888,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -919,12 +925,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "SECCIONES DE SERVICIOS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -937,22 +943,22 @@ msgstr ""
 "<quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "Opciones de configuración de servicios generales"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -967,17 +973,17 @@ msgstr ""
 "valor más bajo de este o de limite “hard” en limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -987,18 +993,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "Predeterminado: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1006,24 +1012,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1031,12 +1037,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1048,30 +1054,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Predeterminado: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr "Opciones de configuración de NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1079,12 +1085,12 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1093,17 +1099,17 @@ msgstr ""
 "sobre todos los usuarios)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Predeterminado: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1114,7 +1120,7 @@ msgstr ""
 "valor de entry_cache_timeout para el dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1130,7 +1136,7 @@ msgstr ""
 "actualización del cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1143,17 +1149,17 @@ msgstr ""
 "segundos. (0 deshabilita esta función)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "Predeterminado: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1164,34 +1170,37 @@ msgstr ""
 "entradas no existentes) antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Predeterminado: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Predeterminado: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "Predeterminado: 86400 (24 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1200,7 +1209,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1209,17 +1218,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "Predeterminado: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1227,12 +1236,12 @@ msgstr ""
 "opción a false."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1241,7 +1250,7 @@ msgstr ""
 "especificado una explícitamente por el proveedor de datos del dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1249,7 +1258,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1259,24 +1268,24 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr "override_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1284,17 +1293,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1302,12 +1311,12 @@ msgstr ""
 "evaluación es:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1316,7 +1325,7 @@ msgstr ""
 "shells</quote>, usa el valor del parámetro shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1325,12 +1334,12 @@ msgstr ""
 "shells</quote>, se usará un shell de no acceso."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1338,12 +1347,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Una cadena vacía para el shell se pasa como-es a libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1353,27 +1362,27 @@ msgstr ""
 "una nueva shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1381,24 +1390,24 @@ msgstr ""
 "máquina."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "Predeterminado: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1408,12 +1417,12 @@ msgstr ""
 "normalmente /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1422,38 +1431,38 @@ msgstr ""
 "considerada válida."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1464,48 +1473,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "Esta opción puede ser también fijada por dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr "Opciones de configuración PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1514,12 +1523,12 @@ msgstr ""
 "Authentication Module (PAM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1528,17 +1537,17 @@ msgstr ""
 "los accesos escondidos (en días desde el último login en línea con éxito)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "Predeterminado: 0 (Sin límite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1547,12 +1556,12 @@ msgstr ""
 "login fallados están permitidos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1562,7 +1571,7 @@ msgstr ""
 "intento de login sea posible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1573,17 +1582,17 @@ msgstr ""
 "éxito puede habilitar otra vez la autenticación fuera de línea."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "Predeterminado: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1592,44 +1601,44 @@ msgstr ""
 "autenticación. Cuanto mayor sea el número de mensajes más aparecen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr "Actualmente sssd soporta los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
 "depuración"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Predeterminado: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1638,61 +1647,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1704,7 +1713,7 @@ msgstr ""
 "información más actual."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1718,17 +1727,17 @@ msgstr ""
 "proveedor de identidad."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1739,7 +1748,7 @@ msgstr ""
 "información desaparece, sssd no podrá mostrar un aviso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1749,7 +1758,7 @@ msgstr ""
 "automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1757,13 +1766,18 @@ msgstr ""
 "Este ajuste puede ser anulado por el ajuste "
 "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Predeterminado: 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1773,74 +1787,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr "Predeterminado: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1848,19 +1862,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1868,12 +1882,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1881,58 +1895,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Por defecto: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr "SUDO opciones de configuración"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1943,12 +1981,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -1957,14 +1995,12 @@ msgstr ""
 "entradas de sudoers dependientes del tiempo."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "ldap_deref_threshold (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "ldap_deref_threshold (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1974,22 +2010,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr "Opciones de configuración AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2000,22 +2036,22 @@ msgstr ""
 "existentes) antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr "Opciones de configuración SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr "Estas opciones se pueden usar para configurar el servicio SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2024,12 +2060,12 @@ msgstr ""
 "known_host. "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2038,34 +2074,53 @@ msgstr ""
 "después de que se hayan pedido sus claves de host."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr "Por defecto: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
+#, fuzzy
+#| msgid ""
+#| "The skeleton directory, which contains files and directories to be copied "
+#| "in the user's home directory, when the home directory is created by "
+#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>"
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+"El directorio esqueleto, el cual contiene archivos y directorios a copiarse "
+"en el directorio principal del usuario, cuando se crea el directorio "
+"principal de <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr "Opciones de configuración del respondedor PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2076,7 +2131,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2087,24 +2142,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2114,14 +2169,14 @@ msgstr ""
 "usuario que tiene el acceso permitido al respondedor PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
 "respondedor PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2134,34 +2189,24 @@ msgstr ""
 "lista de UIDs permitidas también."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "PAC responder configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "Opciones de configuración del respondedor PAC"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2169,96 +2214,68 @@ msgid ""
 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 msgstr ""
-"Esta página de manual describe la configuración del proveedor AD para "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
-"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "sudo_provider (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "sudo_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this user to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"Añade este usuario a los grupos especificados por el parámetro "
-"<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</"
-"replaceable> es una lista separada por comas de nombres de grupo."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
-#, fuzzy
-#| msgid ""
-#| "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-#| "\"0\"/>"
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Opciones válidas para dominios proxy.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: none"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Predeterminado: none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "skel_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2266,21 +2283,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
-#, fuzzy
-#| msgid "Default: empty, i.e. ldap_uri is used."
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
-msgstr "Por defecto: vacio, esto es ldap_uri se está usando."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "ldap_group_name (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "ldap_group_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2288,7 +2301,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2296,22 +2309,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "SECCIONES DE DOMINIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2320,14 +2333,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2336,31 +2349,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr "min_id, max_id (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2369,7 +2382,7 @@ msgstr ""
 "está fuera de estos límites, ésta es ignorada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2382,24 +2395,24 @@ msgstr ""
 "reportados como en espera."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr "enumerar (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2408,38 +2421,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Usuarios y grupos son enumerados"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = Sin enumeraciones para este dominio"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "Predeterminado: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
-#, fuzzy
-#| msgid ""
-#| "Note: Enabling enumeration has a moderate performance impact on SSSD "
-#| "while enumeration is running. It may take up to several minutes after "
-#| "SSSD startup to fully complete enumerations.  During this time, "
-#| "individual requests for information will go directly to LDAP, though it "
-#| "may be slow, due to the heavy enumeration processing. Saving a large "
-#| "number of entries to cache after the enumeration completes might also be "
-#| "CPU intensive as the memberships have to be recomputed."
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2451,17 +2455,9 @@ msgid ""
 "quote> process becoming unresponsive or even restarted by the internal "
 "watchdog."
 msgstr ""
-"Nota: Habilitar la enumeración tiene un impacto en el rendimiento moderado "
-"sobre SSSD mientras la enumeración está corriendo. Puede tomar varios "
-"minutos desde que SSSD ha arrancado hasta completar todas las enumeraciones. "
-"Durante este tiempo, las peticiones de información individuales irán "
-"directamente a LDAP, aunque puede ser lento, debido al pesado proceso de "
-"enumeración. Guardar un gran número de entradas en la cache después de "
-"completar la enumeración puede también ser intenso para la CPU puesto que "
-"las afiliaciones deben ser recalculadas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2471,7 +2467,7 @@ msgstr ""
 "completen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2485,7 +2481,7 @@ msgstr ""
 "específico id_provider en uso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2494,32 +2490,32 @@ msgstr ""
 "especialmente en entornos grandes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2528,12 +2524,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2542,7 +2538,7 @@ msgstr ""
 "volver a consultar al backend"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2553,17 +2549,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "Predeterminado: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2572,19 +2568,19 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr "Por defecto: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2593,12 +2589,12 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2607,12 +2603,12 @@ msgstr ""
 "válidas antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2621,12 +2617,12 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2635,12 +2631,12 @@ msgstr ""
 "preguntar al backend otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2649,71 +2645,71 @@ msgstr ""
 "automontaje válidos antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Determina si las credenciales del usuario están también escondidas en el "
 "cache LDB local"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
 "plano"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2721,24 +2717,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2751,17 +2747,17 @@ msgstr ""
 "grande o igual que offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Predeterminado: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2774,17 +2770,17 @@ msgstr ""
 "configurar un proveedor de autorización para el backend."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr "id_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2792,17 +2788,38 @@ msgstr ""
 "soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+#, fuzzy
+#| msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+#, fuzzy
+#| msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+"<quote>ldap</quote>: Proveedor LDAP. Vea <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más "
+"información sobre la configuración de LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2813,8 +2830,8 @@ msgstr ""
 "información sobre la configuración de LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2827,8 +2844,8 @@ msgstr ""
 "configuración de FreeIPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2840,12 +2857,12 @@ msgstr ""
 "Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2855,7 +2872,7 @@ msgstr ""
 "NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2869,7 +2886,7 @@ msgstr ""
 "command> lo haría."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2877,22 +2894,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr "No devuelve miembros de grupo para búsquedas de grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2904,7 +2921,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2912,12 +2929,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr "auth_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2926,7 +2943,7 @@ msgstr ""
 "autenticación soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2937,7 +2954,7 @@ msgstr ""
 "citerefentry> para más información sobre la configuración LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2948,7 +2965,7 @@ msgstr ""
 "citerefentry> para más información sobre la configuración de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -2956,12 +2973,17 @@ msgstr ""
 "objetivo PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> deshabilita la autenticación explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -2970,12 +2992,12 @@ msgstr ""
 "manejar las peticiones de autenticación."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr "access_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2986,7 +3008,7 @@ msgstr ""
 "proveedores especiales internos son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -2995,12 +3017,12 @@ msgstr ""
 "sólo permitido para un dominio local."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> siempre niega el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3013,7 +3035,7 @@ msgstr ""
 "configuración del módulo de acceso sencillo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3021,22 +3043,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr "Predeterminado: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -3045,7 +3067,7 @@ msgstr ""
 "el dominio. Los proveedores de cambio de passweord soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3053,7 +3075,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3064,7 +3086,7 @@ msgstr ""
 "citerefentry> para más información sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -3072,13 +3094,13 @@ msgstr ""
 "otros objetivos PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 "<quote>none</quote> deniega explícitamente los cambios en la contraseña."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3087,18 +3109,18 @@ msgstr ""
 "puede manejar las peticiones de cambio de password."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3109,33 +3131,33 @@ msgstr ""
 "citerefentry> para más información sobre la configuración LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote>deshabilita SUDO explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3146,7 +3168,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3155,12 +3177,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3171,7 +3193,7 @@ msgstr ""
 "finalice. Los proveedores selinux soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3183,14 +3205,14 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> deshabilita ir a buscar los ajustes selinux "
 "explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3199,12 +3221,12 @@ msgstr ""
 "manejar las peticiones de carga selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3214,7 +3236,7 @@ msgstr ""
 "soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3226,7 +3248,7 @@ msgstr ""
 "configuración de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3235,20 +3257,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 "<quote>none</quote> deshabilita el buscador de subdominios explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "selinux_provider (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "selinux_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3256,43 +3276,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "selinux loading requests."
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
-"Por defecto: <quote>id_provider</quote> se usa si está fijado y puede "
-"manejar las peticiones de carga selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3300,7 +3314,7 @@ msgstr ""
 "son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3312,7 +3326,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3324,7 +3338,7 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3332,17 +3346,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> deshabilita autofs explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3351,7 +3365,7 @@ msgstr ""
 "proveedores de hostid soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3363,12 +3377,12 @@ msgstr ""
 "configuración de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> deshabilita hostid explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3378,7 +3392,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3391,22 +3405,22 @@ msgstr ""
 "nombres de usuario:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr "nombre de usuario"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr "dominio/nombre_de_usuario"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3416,7 +3430,7 @@ msgstr ""
 "dominios Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3427,7 +3441,7 @@ msgstr ""
 "el nombre, el dominio es el resto detrás de este signo\""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3439,7 +3453,7 @@ msgstr ""
 "subplantillas sin nombre único."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3448,17 +3462,17 @@ msgstr ""
 "soportan la sintaxis Python  (?P&lt;name&gt;) para identificar subpatrones."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3467,77 +3481,69 @@ msgstr ""
 "a usar cuando se lleven a cabo búsquedas DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "Valores soportados:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr "Predeterminado: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
-#, fuzzy
-#| msgid ""
-#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
-#| "resolver before assuming that it is unreachable. If this timeout is "
-#| "reached, the domain will continue to operate in offline mode."
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
 "If this timeout is reached, the domain will continue to operate in offline "
 "mode."
 msgstr ""
-"Define la cantidad de tiempo (en segundos) para esperar una respuesta desde "
-"el DNS antes de asumir que es inalcanzable. Si se alcanza este tiempo de "
-"espera, el dominio continuará operativo en modo fuera de línea."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Predeterminado: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3546,53 +3552,53 @@ msgstr ""
 "de dominio de la pregunta al descubridor de servicio DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr "override_gid (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr "Anula el valor primario GID con el especificado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3600,7 +3606,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3608,17 +3614,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3626,34 +3632,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3661,32 +3667,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3696,7 +3702,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -3704,28 +3710,28 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Por defecto: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3733,12 +3739,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3746,28 +3752,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "autofs_provider (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "autofs_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3775,7 +3779,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3784,7 +3788,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3796,17 +3800,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr "El proxy de destino PAM próximo a."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3815,12 +3819,12 @@ msgstr ""
 "pam existente o crear una nueva y añadir el nombre de servicio aquí."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3831,12 +3835,12 @@ msgstr ""
 "$(function), por ejemplo _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3850,12 +3854,12 @@ msgstr ""
 "razones de rendimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3863,7 +3867,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3872,12 +3876,12 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3894,7 +3898,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3902,17 +3906,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3921,7 +3925,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3931,7 +3935,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3951,12 +3955,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr "La sección de dominio local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3967,29 +3971,29 @@ msgstr ""
 "utiliza <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr "default_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "El shell predeterminado para los usuarios creados con herramientas de "
 "espacio de usuario SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Predeterminado: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr "base_directory (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -3999,17 +4003,17 @@ msgstr ""
 "de inicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "Predeterminado: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr "create_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -4018,17 +4022,17 @@ msgstr ""
 "Puede ser anulado desde la línea de comando."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "Predeterminado: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -4037,12 +4041,12 @@ msgstr ""
 "borrados. Puede ser anulado desde la línea de comando."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -4053,17 +4057,17 @@ msgstr ""
 "predeterminados en un directorio de inicio recién creado."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "Predeterminado: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr "skel_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -4076,17 +4080,17 @@ msgstr ""
 "<manvolnum>8</manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Predeterminado: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr "mail_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -4097,17 +4101,17 @@ msgstr ""
 "Si no se especifica, se utiliza un valor por defecto."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Predeterminado: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -4118,17 +4122,17 @@ msgstr ""
 "único parámetro. El código de retorno del comando no es tenido en cuenta."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr "Predeterminado: None, no se ejecuta comando"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4139,64 +4143,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4250,26 +4254,16 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
-#, fuzzy
-#| msgid ""
-#| "The following example shows a typical SSSD config. It does not describe "
-#| "configuration of the domains themselves - refer to documentation on "
-#| "configuring domains for more details.  <placeholder type=\"programlisting"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
-"El siguiente ejemplo muestra una configuración SSSD típica. No describe la "
-"configuración de los dominios en si mismos – vea la documentación sobre la "
-"configuración de dominios para más detalles. <placeholder type="
-"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -4277,7 +4271,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -4337,7 +4331,7 @@ msgstr ""
 "información sobre la utilización de LDAP como proveedor de acceso."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4458,7 +4452,7 @@ msgstr ""
 "http://www.ietf.org/rfc/rfc2254.txt"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "Ejemplos:"
@@ -5357,39 +5351,23 @@ msgstr "Default: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_user_authorized_rhost (string)"
-msgstr "ldap_user_authorized_host (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-#, fuzzy
-#| msgid ""
-#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-#| "presence of the host attribute in the user's LDAP entry to determine "
-#| "access privilege."
 msgid ""
 "If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
 "presence of the rhost attribute in the user's LDAP entry to determine access "
 "privilege. Similarly to host verification process."
 msgstr ""
-"Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la "
-"presencia del atributo host en la entrada LDAP del usuario para determinar "
-"el privilegio de acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:843
-#, fuzzy
-#| msgid ""
-#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
-#| "explicit allow (host) and finally for allow_all (*)."
 msgid ""
 "An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
 "explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
-"Una denegación explícita (¡host) se resuelve primero. Segundo, la búsqueda "
-"SSSD para permiso explícito (host) y finalmente permitir todo (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:848
@@ -5401,10 +5379,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: rhost"
-msgstr "Default: host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5418,10 +5394,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: userCertificate;binary"
-msgstr "Predeterminado: filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5780,17 +5754,13 @@ msgstr "ldap_netgroup_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1216
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_host_object_class (string)"
-msgstr "ldap_user_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a host entry in LDAP."
-msgstr "La clase de objeto de una entrada de usuario en LDAP."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
@@ -5799,75 +5769,55 @@ msgstr "Por defecto: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "ad_hostname (string)"
 msgid "ldap_host_name (string)"
-msgstr "ad_hostname (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the host's name."
-msgstr "El atributo LDAP que corresponde al nombre de grupo."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1241
-#, fuzzy
-#| msgid "ldap_sudo_hostnames (string)"
 msgid "ldap_host_fqdn (string)"
-msgstr "ldap_sudo_hostnames (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1244
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's full name."
 msgid ""
 "The LDAP attribute that corresponds to the host's fully-qualified domain "
 "name."
-msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: cn"
 msgid "Default: fqdn"
-msgstr "Predeterminado: cn"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_host_serverhostname (string)"
-msgstr "ldap_dns_service_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: sudoHost"
 msgid "Default: serverHostname"
-msgstr "Por defecto: sudoHost"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_host_member_of (string)"
-msgstr "ldap_user_member_of (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1270
-#, fuzzy
-#| msgid "The LDAP attribute that lists the user's group memberships."
 msgid "The LDAP attribute that lists the host's group memberships."
-msgstr "El atributo LDAP que lista los afiliación a grupo de usario."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1280
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ldap_host_search_base (string)"
-msgstr "ipa_host_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1283
@@ -5891,31 +5841,23 @@ msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1299
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_host_ssh_public_key (string)"
-msgstr "ldap_user_ssh_public_key (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1302
-#, fuzzy
-#| msgid "The LDAP attribute that contains the user's SSH public keys."
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "El atributo LDAP que contiene las claves públicas SSH del usuario."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1312
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
 msgid "ldap_host_uuid (string)"
-msgstr "ldap_sasl_authid (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1315
-#, fuzzy
-#| msgid "The LDAP attribute that contains the port managed by this service."
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
-msgstr "El atributo LDAP que contiene el puerto manejado por este servicio."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1325
@@ -6548,7 +6490,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "Predeterminado: 86400 (24 horas)"
 
@@ -7033,14 +6975,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2237
-#, fuzzy
-#| msgid ""
-#| "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
-"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2241
@@ -7189,10 +7127,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "ldap_opt_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -7768,8 +7704,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "EJEMPLO"
 
@@ -7799,8 +7735,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -7835,7 +7771,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTAS"
 
@@ -8318,7 +8254,7 @@ msgstr ""
 "grupos locales no serán evaluados."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8428,23 +8364,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -8456,12 +8393,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -8469,7 +8406,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -8482,172 +8419,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -8655,62 +8592,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -8718,17 +8655,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -8737,145 +8674,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -8883,7 +8820,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -8895,7 +8832,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -8904,7 +8841,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -8914,12 +8851,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8927,40 +8864,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8968,19 +8905,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -8990,17 +8927,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -9008,19 +8945,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -9028,19 +8965,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -9048,12 +8985,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -9061,19 +8998,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -9081,116 +9018,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -9200,12 +9137,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -9342,21 +9279,14 @@ msgstr "ipa_hostname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:119
-#, fuzzy
-#| msgid ""
-#| "Optional. May be set on machines where the hostname(5) does not reflect "
-#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host.  The "
 "hostname must be fully qualified."
 msgstr ""
-"Opcional. Puede ser fijado en máquinas donde hostname(5) no refleja el "
-"nombre totalmente cualificado usado en el dominio IPA para identificar este "
-"host."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -9371,7 +9301,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9389,12 +9319,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9415,12 +9345,12 @@ msgid "Default: 1200 (seconds)"
 msgstr "Por defecto: 1200 (segundos)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -9444,17 +9374,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9462,7 +9392,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -9472,7 +9402,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -9489,7 +9419,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -9502,12 +9432,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9526,71 +9456,64 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:317
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ipa_deskprofile_search_base (string)"
-msgstr "ipa_host_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:320
-#, fuzzy
-#| msgid ""
-#| "Optional. Use the given string as search base for HBAC related objects."
 msgid ""
 "Optional. Use the given string as search base for Desktop Profile related "
 "objects."
 msgstr ""
-"Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC "
-"relacionados."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:324 sssd-ipa.5.xml:337
@@ -9698,86 +9621,64 @@ msgstr ""
 "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "ipa_hbac_refresh (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "ipa_hbac_refresh (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server. This will reduce the latency and load on the IPA server if there "
 "are many desktop profiles requests made in a short period."
 msgstr ""
-"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
-"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
-"muchas peticiones de control de acceso hechas en un corto período."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr "Predeterminado: 5 (segundos)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:477
-#, fuzzy
-#| msgid "ldap_sudo_full_refresh_interval (integer)"
 msgid "ipa_deskprofile_request_interval (integer)"
-msgstr "ldap_sudo_full_refresh_interval (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:480
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server in case the last request did not return any rule."
 msgstr ""
-"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
-"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
-"muchas peticiones de control de acceso hechas en un corto período."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 900 (15 minutes)"
 msgid "Default: 60 (minutes)"
-msgstr "Predeterminado: 900 (15 minutos)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -10204,11 +10105,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -10216,12 +10119,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr "ad_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
@@ -10230,7 +10133,7 @@ msgstr ""
 "se suministra, se usa la configuración del nombre de dominio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
@@ -10239,19 +10142,19 @@ msgstr ""
 "minúscula de la versión larga del dominio Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -10259,7 +10162,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -10267,7 +10170,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -10275,19 +10178,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr "ad_server, ad_backup_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -10295,26 +10198,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr "ad_hostname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -10325,7 +10228,7 @@ msgstr ""
 "identificar este host."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
@@ -10334,12 +10237,12 @@ msgstr ""
 "Debe coincidir con el nombre del host desde que se envío la keytab."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -10350,12 +10253,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -10364,7 +10267,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -10373,7 +10276,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -10382,14 +10285,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -10402,7 +10305,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -10411,7 +10314,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -10429,24 +10332,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -10455,7 +10358,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -10464,12 +10367,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -10479,14 +10382,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -10494,7 +10397,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -10507,23 +10410,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -10531,22 +10434,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -10554,12 +10457,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -10567,14 +10470,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -10582,7 +10485,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10594,78 +10497,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -10673,7 +10576,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -10681,7 +10584,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -10689,7 +10592,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10701,22 +10604,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -10724,7 +10627,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -10732,7 +10635,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -10740,7 +10643,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10752,22 +10655,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -10775,14 +10678,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -10790,7 +10693,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10802,17 +10705,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -10820,14 +10723,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -10835,7 +10738,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -10846,19 +10749,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -10866,7 +10769,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10878,39 +10781,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -10918,12 +10821,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -10936,57 +10839,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -10994,17 +10897,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -11014,12 +10917,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -11030,19 +10933,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -11052,12 +10955,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr "Predeterminado: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -11068,7 +10971,7 @@ msgstr ""
 "Este ejemplo muestra sólo las opciones específicas del proveedor AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -11092,7 +10995,7 @@ msgstr ""
 "ad_domain = example.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -11104,7 +11007,7 @@ msgstr ""
 "ldap_account_expire_policy = ad\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -11115,7 +11018,7 @@ msgstr ""
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -11125,15 +11028,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11527,10 +11430,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -11542,38 +11443,24 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:112
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
 "output."
 msgstr ""
-"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:116
-#, fuzzy
-#| msgid ""
-#| "Send the debug output to files instead of stderr. By default, the log "
-#| "files are stored in <filename>/var/log/sssd</filename> and there are "
-#| "separate log files for every SSSD service and domain."
 msgid ""
 "<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
 "default, the log files are stored in <filename>/var/log/sssd</filename> and "
 "there are separate log files for every SSSD service and domain."
 msgstr ""
-"Envía la salida de depuración a ficheros en lugar de a stderr. Por defecto, "
-"los ficheros de registro se almacenan en <filename>/var/log/sssd</filename> "
-"y hay ficheros de registro separados para cada servicio y dominio SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:122
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
 msgstr ""
-"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:132
@@ -11770,7 +11657,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr "La contraseña a oscurecer será leída desde la entrada estándar."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -13468,10 +13355,8 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-#, fuzzy
-#| msgid "change debug level while SSSD is running"
 msgid "[DEPRECATED] change debug level while SSSD is running"
-msgstr "cambia el nivel de depuración mientras SSSD está corriendo"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_debuglevel.8.xml:21
@@ -13999,8 +13884,98 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+#, fuzzy
+#| msgid "client_idle_timeout"
+msgid "p11_child_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página "
+"de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> para más detalles."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -14008,12 +13983,12 @@ msgstr ""
 "<replaceable>DOMAIN</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -14233,25 +14208,79 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "passwd_files (string)"
+msgstr "ldap_access_filter (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: password"
+msgid "Default: /etc/passwd"
+msgstr "Por defecto: contraseña"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "ldap_netgroup_triple (string)"
+msgid "group_files (string)"
+msgstr "ldap_netgroup_triple (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: nisNetgroup"
+msgid "Default: /etc/group"
+msgstr "Predeterminado: nisNetgroup"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page for details on the configuration of an SSSD "
+#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Vea la sección  <quote>DOMAIN SECTIONS</quote> de la página de manual "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> para detalles sobre la configuración de un "
+"dominio SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -14327,18 +14356,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:75
-#, fuzzy
-#| msgid ""
-#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
-#| "permissions on a newly created home directory."
 msgid ""
 "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> service."
 msgstr ""
-"Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry> para especificar los permisos "
-"predeterminados en un directorio de inicio recién creado."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:61
@@ -14498,10 +14519,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "pam_id_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -15030,27 +15049,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-session-recording.5.xml:17
-#, fuzzy
-#| msgid "Configuring sudo to cooperate with SSSD"
 msgid "Configuring session recording with SSSD"
-msgstr "Configurando sudo para cooperar con SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
 msgid ""
 "This manual page describes how to configure <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
@@ -15061,12 +15070,6 @@ msgid ""
 "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Esta página de manual describe la configuración del proveedor de control de "
-"acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  Para una referencia detallada de "
-"sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:41
@@ -15090,10 +15093,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure the PAC responder."
 msgid "These options can be used to configure the session recording."
-msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -15317,10 +15318,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
@@ -15329,21 +15328,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page only describes attribute name mapping.  For detailed "
-#| "explanation of sudo related attribute semantics, see <citerefentry> "
-#| "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>"
 msgid ""
 "This manual page provides information about the systemtap functionality in "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 "</citerefentry>."
 msgstr ""
-"Esta página de manual sólo describe el atributo de nombre mapping. Para una "
-"explicación detallada de la semántica del atributo relacionada con sudo, vea "
-"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:32
@@ -15379,10 +15368,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "realm name"
 msgid "probe $name"
-msgstr "nombre de reino"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
@@ -15578,16 +15565,11 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
 #: sssd-systemtap.5.xml:293
-#, fuzzy, no-wrap
-#| msgid ""
-#| "fallback_homedir = /home/%u\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "filter:string\n"
 "                       "
 msgstr ""
-"fallback_homedir = /home/%u\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:262
@@ -15934,10 +15916,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:76
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout"
-msgstr "dns_resolver_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:80
@@ -15946,10 +15926,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_timeout"
-msgstr "dns_resolver_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -15961,30 +15939,18 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:67
-#, fuzzy
-#| msgid ""
-#| "All of the common configuration options that apply to SSSD domains also "
-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
-#| "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This section lists the available tunables. Please refer to their description "
 "in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
-"Todas las opciones de configuración comunes que se aplican a los dominios "
-"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
-"SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles "
-"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -16921,6 +16887,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
@@ -17023,22 +17006,3 @@ msgstr ""
 #: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
-
-#~ msgid ""
-#~ "Determines if a domain can be enumerated. This parameter can have one of "
-#~ "the following values:"
-#~ msgstr ""
-#~ "Determina si un dominio puede ser enumerado. Este parámetro puede tener "
-#~ "uno de los siguientes valores:"
-
-#~ msgid ""
-#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-#~ "running."
-#~ msgstr ""
-#~ "<command>sss_debuglevel</command> cambia el nivel de depuración del "
-#~ "monitor y proveedores SSSD a <replaceable>NEW_DEBUG_LEVEL</replaceable> "
-#~ "mientras SSSD está corriendo."
-
-#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index f03daa3..93c0f65 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -5,10 +5,10 @@
 # Translators:
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-14 11:55-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-14 11:55+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
 "eu/)\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -88,7 +88,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr ""
@@ -184,7 +184,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -292,11 +292,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -313,8 +314,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -348,7 +349,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
@@ -364,7 +365,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -412,19 +413,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr ""
 
@@ -444,7 +445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -464,12 +465,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -477,39 +478,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -633,9 +634,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -813,21 +814,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -843,12 +845,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -857,22 +859,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -882,17 +884,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -902,18 +904,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -921,24 +923,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -946,12 +948,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -963,58 +965,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1022,7 +1024,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1032,7 +1034,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1041,17 +1043,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1059,34 +1061,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1095,7 +1098,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1104,41 +1107,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1146,23 +1149,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1170,47 +1173,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1218,112 +1221,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1334,96 +1337,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1431,59 +1434,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1492,61 +1495,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1554,7 +1557,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1563,17 +1566,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1581,26 +1584,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1610,74 +1618,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1685,19 +1693,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1705,12 +1713,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1718,58 +1726,80 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+msgid "Default:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1780,24 +1810,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1807,22 +1837,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1830,68 +1860,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1902,7 +1941,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1913,24 +1952,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1938,12 +1977,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1952,24 +1991,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1979,66 +2018,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2046,17 +2085,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2064,7 +2103,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2072,22 +2111,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2096,14 +2135,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2112,38 +2151,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2152,24 +2191,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2178,29 +2217,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2214,14 +2253,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2230,39 +2269,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2271,19 +2310,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2294,151 +2333,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2446,24 +2485,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2472,17 +2511,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2491,33 +2530,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2525,8 +2573,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2535,8 +2583,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2544,19 +2592,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2565,7 +2613,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2573,22 +2621,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2600,7 +2648,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2608,19 +2656,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2628,7 +2676,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2636,30 +2684,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2667,19 +2720,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2688,7 +2741,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2696,29 +2749,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2726,7 +2779,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2734,35 +2787,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2770,32 +2823,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2806,7 +2859,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2815,12 +2868,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2828,7 +2881,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2836,31 +2889,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2868,7 +2921,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2877,17 +2930,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2895,43 +2948,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2939,7 +2992,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2947,7 +3000,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2955,24 +3008,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2980,12 +3033,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2995,7 +3048,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3004,29 +3057,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3034,7 +3087,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3042,66 +3095,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3110,77 +3163,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3188,7 +3241,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3196,17 +3249,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3214,34 +3267,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3249,32 +3302,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3284,34 +3337,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3319,12 +3372,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3332,26 +3385,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3359,7 +3412,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3368,7 +3421,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3376,29 +3429,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3406,12 +3459,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3420,12 +3473,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3433,19 +3486,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3462,7 +3515,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3470,17 +3523,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3489,7 +3542,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3499,7 +3552,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3519,12 +3572,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3532,73 +3585,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3606,17 +3659,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3625,17 +3678,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3643,17 +3696,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3661,17 +3714,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3682,64 +3735,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3769,7 +3822,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3778,7 +3831,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3786,7 +3839,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3834,7 +3887,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3935,7 +3988,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -5749,7 +5802,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6821,8 +6874,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6849,8 +6902,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6885,7 +6938,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7296,7 +7349,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7393,23 +7446,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7421,12 +7475,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7434,7 +7488,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7447,172 +7501,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7620,62 +7674,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7683,17 +7737,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7702,145 +7756,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7848,7 +7902,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7860,7 +7914,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7869,7 +7923,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7879,12 +7933,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7892,40 +7946,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7933,19 +7987,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7955,17 +8009,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7973,19 +8027,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -7993,19 +8047,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8013,12 +8067,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8026,19 +8080,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8046,116 +8100,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8165,12 +8219,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8291,7 +8345,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8306,7 +8360,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8321,12 +8375,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8347,12 +8401,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8376,17 +8430,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8394,7 +8448,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8404,7 +8458,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8421,7 +8475,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8434,12 +8488,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8458,50 +8512,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8612,26 +8666,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8650,7 +8704,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -9070,11 +9124,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9082,38 +9138,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9121,7 +9177,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9129,7 +9185,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9137,19 +9193,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9157,26 +9213,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9184,19 +9240,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9207,12 +9263,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9221,7 +9277,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9230,7 +9286,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9239,14 +9295,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9259,7 +9315,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9268,7 +9324,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9286,24 +9342,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9312,7 +9368,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9321,12 +9377,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9336,14 +9392,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9351,7 +9407,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9364,23 +9420,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9388,22 +9444,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9411,12 +9467,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9424,14 +9480,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9439,7 +9495,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9451,78 +9507,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9530,7 +9586,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9538,7 +9594,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9546,7 +9602,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9558,22 +9614,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9581,7 +9637,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9589,7 +9645,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9597,7 +9653,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9609,22 +9665,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9632,14 +9688,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9647,7 +9703,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9659,17 +9715,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9677,14 +9733,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9692,7 +9748,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9703,19 +9759,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9723,7 +9779,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9735,39 +9791,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9775,12 +9831,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9793,57 +9849,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9851,17 +9907,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9871,12 +9927,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9887,19 +9943,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9909,12 +9965,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9922,7 +9978,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9937,7 +9993,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9946,7 +10002,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9954,7 +10010,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9964,15 +10020,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10481,7 +10537,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12498,19 +12554,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12711,25 +12847,61 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+msgid "Default: /etc/passwd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+msgid "Default: /etc/group"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13498,7 +13670,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14349,7 +14521,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15187,6 +15359,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/fi.po b/src/man/po/fi.po
index 9b232cf..4672a3d 100644
--- a/src/man/po/fi.po
+++ b/src/man/po/fi.po
@@ -1,17 +1,17 @@
 # Toni Rantala <trantalafilo@gmail.com>, 2017. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2017-03-24 08:46-0400\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2017-03-24 08:46+0000\n"
 "Last-Translator: Toni Rantala <trantalafilo@gmail.com>\n"
 "Language-Team: Finnish\n"
 "Language: fi\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
 
 #. type: Content of: <reference><title>
@@ -83,7 +83,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "VALINNAT"
@@ -179,7 +179,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -287,11 +287,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Oletus:tosi"
 
@@ -308,8 +309,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -343,7 +344,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
@@ -359,7 +360,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -407,19 +408,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr ""
 
@@ -439,7 +440,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -459,12 +460,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -472,39 +473,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr "käyttäjänimi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -628,9 +629,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -808,21 +809,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -838,12 +840,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -852,22 +854,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -877,17 +879,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -897,18 +899,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -916,24 +918,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -941,12 +943,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -958,58 +960,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1017,7 +1019,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1027,7 +1029,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1036,17 +1038,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1054,34 +1056,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1090,7 +1093,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1099,41 +1102,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1141,23 +1144,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1165,47 +1168,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1213,112 +1216,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1329,96 +1332,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1426,59 +1429,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1487,61 +1490,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1549,7 +1552,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1558,17 +1561,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1576,26 +1579,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1605,74 +1613,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1680,19 +1688,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1700,12 +1708,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1713,58 +1721,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default:"
+msgstr "Oletus:tosi"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1775,26 +1807,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "debug_level (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "debug_level (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1804,22 +1834,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1827,68 +1857,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1899,7 +1938,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1910,24 +1949,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1935,12 +1974,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1949,24 +1988,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1976,68 +2015,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: not set"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Oletus: ei asetettu"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2045,17 +2082,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2063,7 +2100,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2071,22 +2108,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2095,14 +2132,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2111,38 +2148,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2151,24 +2188,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2177,29 +2214,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2213,14 +2250,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2229,39 +2266,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2270,19 +2307,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2293,151 +2330,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2445,24 +2482,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2471,17 +2508,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2490,33 +2527,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2524,8 +2570,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2534,8 +2580,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2543,19 +2589,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2564,7 +2610,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2572,22 +2618,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2599,7 +2645,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2607,19 +2653,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2627,7 +2673,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2635,30 +2681,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2666,19 +2717,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2687,7 +2738,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2695,29 +2746,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2725,7 +2776,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2733,35 +2784,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2769,32 +2820,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2805,7 +2856,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2814,12 +2865,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2827,7 +2878,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2835,31 +2886,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2867,7 +2918,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2876,17 +2927,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2894,43 +2945,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2938,7 +2989,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2946,7 +2997,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2954,24 +3005,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2979,12 +3030,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2994,7 +3045,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3003,29 +3054,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3033,7 +3084,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3041,66 +3092,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3109,77 +3160,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3187,7 +3238,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3195,17 +3246,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3213,34 +3264,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3250,32 +3301,32 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3285,34 +3336,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3320,12 +3371,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3333,26 +3384,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3360,7 +3411,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3369,7 +3420,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3377,29 +3428,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3407,12 +3458,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3421,12 +3472,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3434,19 +3485,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3463,7 +3514,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3471,17 +3522,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3490,7 +3541,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3500,7 +3551,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3520,12 +3571,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3533,73 +3584,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3607,17 +3658,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3626,17 +3677,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3644,17 +3695,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3662,17 +3713,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3683,64 +3734,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3770,7 +3821,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3779,7 +3830,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3787,7 +3838,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3835,7 +3886,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3936,7 +3987,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -4762,10 +4813,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: not set"
 msgid "Default: rhost"
-msgstr "Oletus: ei asetettu"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5151,10 +5200,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: false"
 msgid "Default: fqdn"
-msgstr "Oletus:epätosi"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
@@ -5163,10 +5210,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: not set"
 msgid "Default: serverHostname"
-msgstr "Oletus: ei asetettu"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
@@ -5756,7 +5801,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6300,10 +6345,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "enum_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -6830,8 +6873,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6858,8 +6901,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6894,7 +6937,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7305,7 +7348,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7402,23 +7445,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7430,12 +7474,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7443,7 +7487,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7456,172 +7500,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7629,62 +7673,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7692,17 +7736,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7711,145 +7755,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7857,7 +7901,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7869,7 +7913,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7878,7 +7922,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7888,12 +7932,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7901,40 +7945,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7942,19 +7986,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7964,17 +8008,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7982,19 +8026,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8002,19 +8046,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8022,12 +8066,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8035,19 +8079,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8055,116 +8099,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8174,12 +8218,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8300,7 +8344,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8315,7 +8359,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8330,12 +8374,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8356,12 +8400,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8385,17 +8429,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8403,7 +8447,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8413,7 +8457,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8430,7 +8474,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8443,12 +8487,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8467,50 +8511,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8621,26 +8665,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8659,7 +8703,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -8677,10 +8721,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: not set"
 msgid "Default: 60 (minutes)"
-msgstr "Oletus: ei asetettu"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9081,11 +9123,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9093,38 +9137,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9132,7 +9176,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9140,7 +9184,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9148,19 +9192,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9168,26 +9212,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9195,19 +9239,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9218,12 +9262,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9232,7 +9276,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9241,7 +9285,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9250,14 +9294,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9270,7 +9314,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9279,7 +9323,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9297,24 +9341,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9323,7 +9367,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9332,12 +9376,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9347,14 +9391,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9362,7 +9406,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9375,23 +9419,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9399,22 +9443,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9422,12 +9466,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9435,14 +9479,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9450,7 +9494,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9462,78 +9506,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9541,7 +9585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9549,7 +9593,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9557,7 +9601,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9569,22 +9613,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9592,7 +9636,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9600,7 +9644,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9608,7 +9652,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9620,22 +9664,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9643,14 +9687,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9658,7 +9702,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9670,17 +9714,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9688,14 +9732,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9703,7 +9747,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9714,19 +9758,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9734,7 +9778,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9746,39 +9790,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9786,12 +9830,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9804,57 +9848,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9862,17 +9906,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9882,12 +9926,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9898,19 +9942,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9920,12 +9964,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9933,7 +9977,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9948,7 +9992,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9957,7 +10001,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9965,7 +10009,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9975,15 +10019,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10492,7 +10536,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12509,19 +12553,101 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+#, fuzzy
+#| msgid "client_idle_timeout"
+msgid "p11_child_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12722,25 +12848,65 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: false"
+msgid "Default: /etc/passwd"
+msgstr "Oletus:epätosi"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: /etc/group"
+msgstr "Oletus:tosi"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -12979,10 +13145,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "debug_level (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -13511,7 +13675,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -13830,10 +13994,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "user name"
 msgid "probe $name"
-msgstr "käyttäjänimi"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
@@ -14340,10 +14502,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "client_idle_timeout"
 msgid "dns_resolver_timeout"
-msgstr "client_idle_timeout"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -14366,7 +14526,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15204,6 +15364,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 5e0a58d..884aa8e 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -14,10 +14,10 @@
 # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2016-03-19 03:04-0400\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2016-03-19 03:04+0000\n"
 "Last-Translator: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>\n"
 "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
 "fr/)\n"
@@ -26,7 +26,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -102,7 +102,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPTIONS"
@@ -218,8 +218,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
+#, fuzzy
+#| msgid ""
+#| "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+#| "(<quote>;</quote>).  Inline comments are not supported."
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 "Un commentaire de ligne commence par un octothorpe (<quote>#</quote>) ou un "
@@ -339,11 +343,12 @@ msgstr ""
 "la journalisation de débogage de SSSD, cette option sera ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Par défaut : true"
 
@@ -363,8 +368,8 @@ msgstr ""
 "sera ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -398,7 +403,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Par défaut : 10"
@@ -414,7 +419,7 @@ msgid "The [sssd] section"
 msgstr "La section [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Paramètres de sections"
 
@@ -468,12 +473,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -483,7 +488,7 @@ msgstr ""
 "d'abandonner"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Par défaut : 3"
 
@@ -503,7 +508,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (chaîne)"
 
@@ -525,12 +530,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -542,33 +547,33 @@ msgstr ""
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr "nom d'utilisateur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 "nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -578,7 +583,7 @@ msgstr ""
 "d'approbation IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -736,9 +741,9 @@ msgstr ""
 "use_fully_qualified_names à False."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -922,21 +927,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr "Par défaut : non défini"
 
@@ -958,12 +964,12 @@ msgstr ""
 "l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "SECTIONS DE SERVICES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -976,22 +982,22 @@ msgstr ""
 "section doit être <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "Options générales de configuration de service"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "Ces options peuvent être utilisées pour configurer les services."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1006,17 +1012,17 @@ msgstr ""
 "valeur inférieure  ou la limite « hard » de limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1026,18 +1032,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "Par défaut : 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1045,24 +1051,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr "new_interval = old_interval*2 + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1070,12 +1076,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1087,30 +1093,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Par défaut : 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr "Options de configuration NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1118,12 +1124,12 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1132,17 +1138,17 @@ msgstr ""
 "énumérations (requêtes sur les informations de tous les utilisateurs)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Par défaut : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1153,7 +1159,7 @@ msgstr ""
 "valeur de entry_cache_timeout pour le domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1169,7 +1175,7 @@ msgstr ""
 "cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1182,17 +1188,17 @@ msgstr ""
 "de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "Par défaut : 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1204,34 +1210,37 @@ msgstr ""
 "appel au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Par défaut : 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Par défaut : 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "Par défaut : 86400 (24 heures)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1240,7 +1249,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1249,17 +1258,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "Par défaut : root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1267,12 +1276,12 @@ msgstr ""
 "membres de groupes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1281,7 +1290,7 @@ msgstr ""
 "explicitement spécifié par le fournisseur de données du domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1289,7 +1298,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1299,25 +1308,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Par défaut : non défini (aucune substitution pour les répertoires d'accueil "
 "non définis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr "override_shell (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1329,17 +1338,17 @@ msgstr ""
 "section [nss], soit par domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1347,14 +1356,14 @@ msgstr ""
 "indiquées. L'ordre d'évaluation est :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
 "quote>, il est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1364,7 +1373,7 @@ msgstr ""
 "shell_fallback » sera utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1373,12 +1382,12 @@ msgstr ""
 "ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1386,14 +1395,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 "Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est "
 "à la libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1403,31 +1412,31 @@ msgstr ""
 "est installé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
 "utilisé automatiquement."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 "Remplace toutes les occurences de ces interpréteurs de commandes par "
 "l'interpréteur de commandes par défaut"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1435,17 +1444,17 @@ msgstr ""
 "commandes autorisé n'est pas installé sur la machine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "Par défaut : /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1455,7 +1464,7 @@ msgstr ""
 "choix soit dans la section [nss], soit par domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1465,12 +1474,12 @@ msgstr ""
 "nécessaire, habituellement /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (int)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1479,38 +1488,38 @@ msgstr ""
 "jugée valide."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (int)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1521,48 +1530,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr "Par défaut : non défini, repli sur l'option InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "Cette option peut aussi être définie pour chaque domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr "Options de configuration de PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1571,12 +1580,12 @@ msgstr ""
 "Module (PAM)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1586,17 +1595,17 @@ msgstr ""
 "connexion réussie)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "Par défaut : 0 (pas de limite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1605,12 +1614,12 @@ msgstr ""
 "échouées sont autorisées."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1620,7 +1629,7 @@ msgstr ""
 "soit possible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1631,17 +1640,17 @@ msgstr ""
 "connexion réussie en ligne peut réactiver l'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "Par défaut : 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1651,44 +1660,44 @@ msgstr ""
 "affichés sera important."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr "Actuellement sssd supporte les valeurs suivantes :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis> : afficher tous les messages et informations de "
 "débogage"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Par défaut : 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1697,61 +1706,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1763,7 +1772,7 @@ msgstr ""
 "les dernières informations."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1777,17 +1786,17 @@ msgstr ""
 "fournisseur d'identité."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1798,7 +1807,7 @@ msgstr ""
 "ne peut afficher de message d'alerte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1808,7 +1817,7 @@ msgstr ""
 "sera automatiquement affiché."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1816,13 +1825,18 @@ msgstr ""
 "Ce paramètre peut être surchargé par le paramètre "
 "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Par défaut : 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1832,37 +1846,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 "Deux valeurs spéciales pour l'option pam_public_domains sont définies :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -1870,7 +1884,7 @@ msgstr ""
 "à tous les domaines PAM dans le répondeur.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -1879,32 +1893,32 @@ msgstr ""
 "autorisés à accéder à un des domaines PAM dans le répondeur.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr "Par défaut : aucun"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1912,19 +1926,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1932,12 +1946,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1945,58 +1959,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Par défaut : False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Par défaut : 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr "Options de configuration de SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2013,12 +2051,12 @@ msgstr ""
 "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2027,14 +2065,12 @@ msgstr ""
 "les entrées sudoers sensibles au temps."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "ldap_deref_threshold (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "ldap_deref_threshold (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2044,22 +2080,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr "Options de configuration AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr "Ces options peuvent être utilisées pour configurer le service autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2071,23 +2107,23 @@ msgstr ""
 "moteur."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr "Options de configuration SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 "Les options suivantes peuvent être utilisées pour configurer le service SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2095,12 +2131,12 @@ msgstr ""
 "Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2109,34 +2145,55 @@ msgstr ""
 "known_hosts géré après que ses clés de système ont été demandés."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr "Par défaut : 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1508
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "ssh_use_certificate_keys (bool)"
+msgstr "ldap_user_certificate (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1511
+#, fuzzy
+#| msgid ""
+#| "The skeleton directory, which contains files and directories to be copied "
+#| "in the user's home directory, when the home directory is created by "
+#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>"
+msgid ""
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+"Le répertoire squelette contenant les fichiers et répertoires à copier dans "
+"le répertoire personnel de l'utilisateur une fois ce répertoire créé par "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1529
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr "Options de configuration du répondeur PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2147,7 +2204,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2158,7 +2215,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2167,19 +2224,19 @@ msgstr ""
 "ajouté à ces groupes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Les options suivantes peuvent être utilisées pour configurer le répondeur "
 "PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2190,14 +2247,14 @@ msgstr ""
 "seront résolus en UID au démarrage."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur "
 "PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2210,34 +2267,24 @@ msgstr ""
 "0 à la liste des UID d'utilisateurs autorisés."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "PAC responder configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "Options de configuration du répondeur PAC"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2245,98 +2292,68 @@ msgid ""
 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 msgstr ""
-"Cette page de manuel décrit la configuration du fournisseur AD pour "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section "
-"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "Ces options peuvent être utilisées pour configurer les services."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "user (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
-#, fuzzy
-#| msgid "none"
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
-msgstr "none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this user to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"Ajouter cet utilisateur aux groupes spécifiés par le paramètre "
-"<replaceable>GROUPS</replaceable>.  Le paramètre <replaceable>GROUPS</"
-"replaceable> est une liste séparée par des virgules de noms de groupes."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Les expansions suivantes sont prises en charge : <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: none"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Par défaut : aucun"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "user (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2344,21 +2361,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
-#, fuzzy
-#| msgid "Default: empty, i.e. ldap_uri is used."
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
-msgstr "Par défaut : vide, ldap_uri est donc utilisé."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "user (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2366,7 +2379,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2374,22 +2387,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "SECTIONS DOMAINES"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2398,14 +2411,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2414,31 +2427,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2447,7 +2460,7 @@ msgstr ""
 "dehors de ces limites, elle est ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2460,7 +2473,7 @@ msgstr ""
 "qui sont dans la plage seront rapportés comme prévu."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -2469,17 +2482,17 @@ msgstr ""
 "pas seulement leur recherche par nom ou identifiant."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr "enumerate (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2488,38 +2501,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = utilisateurs et groupes sont énumérés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = aucune énumération pour ce domaine"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "Par défaut : FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
-#, fuzzy
-#| msgid ""
-#| "Note: Enabling enumeration has a moderate performance impact on SSSD "
-#| "while enumeration is running. It may take up to several minutes after "
-#| "SSSD startup to fully complete enumerations.  During this time, "
-#| "individual requests for information will go directly to LDAP, though it "
-#| "may be slow, due to the heavy enumeration processing. Saving a large "
-#| "number of entries to cache after the enumeration completes might also be "
-#| "CPU intensive as the memberships have to be recomputed."
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2531,18 +2535,9 @@ msgid ""
 "quote> process becoming unresponsive or even restarted by the internal "
 "watchdog."
 msgstr ""
-"Note : activer l'énumération a un impact modéré sur les performances de SSSD "
-"lorsque l'énumération est en cours. Plusieurs minutes peuvent être "
-"nécessaires après le démarrage de SSSD pour terminer l'énumération complète. "
-"Pendant ce temps, les requêtes individuelles pour des informations iront "
-"directement vers LDAP, bien que plus lent et ce à cause de la charge "
-"importante liée au processus d'énumération. Le fait de mettre un grand "
-"nombre d'entrées en cache lorsque l'énumération est terminée peut être "
-"également intensif pour le CPU, car les appartenances aux groupes doivent "
-"être recalculées."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2552,7 +2547,7 @@ msgstr ""
 "l'énumération ne se termine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2566,7 +2561,7 @@ msgstr ""
 "fournisseur d'identité spécifique utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2575,32 +2570,32 @@ msgstr ""
 "déconseillée, surtout dans les environnements de grande taille."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Tous les domaines approuvés découverts seront énumérés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Aucun domaine approuvé découvert ne sera énuméré"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2614,12 +2609,12 @@ msgstr ""
 "activer l'énumération pour ces seuls domaines."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2628,7 +2623,7 @@ msgstr ""
 "comme valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2646,17 +2641,17 @@ msgstr ""
 "rafraîchissement des entrées qui sont déjà en cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "Par défaut : 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2665,19 +2660,19 @@ msgstr ""
 "d'utilisateurs comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr "Par défaut : entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2686,12 +2681,12 @@ msgstr ""
 "groupes comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2700,12 +2695,12 @@ msgstr ""
 "netgroup comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2714,12 +2709,12 @@ msgstr ""
 "service valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2728,12 +2723,12 @@ msgstr ""
 "valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2742,12 +2737,12 @@ msgstr ""
 "cartes d'automontage comme valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -2756,12 +2751,12 @@ msgstr ""
 "rafraichissement. I.e. combien de temps mettre la clé en cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -2771,48 +2766,48 @@ msgstr ""
 "enregistrements expirés ou sur le point de l'être."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr "Par défaut : 0 (désactivé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Détermine si les données d'identification de l'utilisateur sont aussi mis en "
 "cache dans le cache LDB local"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Les informations d'identification utilisateur sont stockées dans une table "
 "de hachage SHA512, et non en texte brut"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2820,24 +2815,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr "Par défaut : 8"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2850,17 +2845,17 @@ msgstr ""
 "paramètre doit être supérieur ou égal à offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Par défaut : 0 (illimité)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2873,17 +2868,17 @@ msgstr ""
 "fournisseur oauth doit être configuré pour le moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr "id_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2891,18 +2886,40 @@ msgstr ""
 "d'identification pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+#, fuzzy
+#| msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "<quote>proxy</quote> : prise en charge de l'ancien fournisseur NSS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+#, fuzzy
+#| msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 "<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+"<quote>ldap</quote> : fournisseur LDAP. Cf. "
+"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> pour plus d'informations sur la configuration de "
+"LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2914,8 +2931,8 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2928,8 +2945,8 @@ msgstr ""
 "configuration de FreeIPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2941,12 +2958,12 @@ msgstr ""
 "d'Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2956,7 +2973,7 @@ msgstr ""
 "communiqué à NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2970,7 +2987,7 @@ msgstr ""
 "trouve."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2982,22 +2999,22 @@ msgstr ""
 "qualifié sera demandé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr "Par défaut : false (true si default_domain_suffix est utilisée)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3009,7 +3026,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3017,12 +3034,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr "auth_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -3031,7 +3048,7 @@ msgstr ""
 "pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3043,7 +3060,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3054,7 +3071,7 @@ msgstr ""
 "citerefentry> pour plus d'informations sur la configuration de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -3062,12 +3079,18 @@ msgstr ""
 "PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+"<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> désactive l'authentification explicitement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -3076,12 +3099,12 @@ msgstr ""
 "gérer les requêtes d'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr "access_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3092,7 +3115,7 @@ msgstr ""
 "installés). Les fournisseurs internes spécifiques sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -3101,12 +3124,12 @@ msgstr ""
 "d'accès autorisé pour un domaine local."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> toujours refuser les accès."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3119,7 +3142,7 @@ msgstr ""
 "d'informations sur la configuration du module d'accès simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3127,22 +3150,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr "Par défaut : <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -3151,7 +3174,7 @@ msgstr ""
 "domaine. Les fournisseurs pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3159,7 +3182,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3171,7 +3194,7 @@ msgstr ""
 "Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -3179,14 +3202,14 @@ msgstr ""
 "autre cible PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 "<quote>none</quote> pour désactiver explicitement le changement de mot de "
 "passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3195,19 +3218,19 @@ msgstr ""
 "peut gérer les changements de mot de passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "Le fournisseur SUDO, utilisé pour le domaine.  Les fournisseurs SUDO pris en "
 "charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3219,7 +3242,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -3228,7 +3251,7 @@ msgstr ""
 "par défaut pour IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -3237,20 +3260,20 @@ msgstr ""
 "par défaut pour AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> désactive explicitement SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle "
 "est définie."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3261,7 +3284,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3270,12 +3293,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3286,7 +3309,7 @@ msgstr ""
 "fournisseur d'accès.  Les fournisseurs selinux pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3298,14 +3321,14 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> n'autorise pas la récupération explicite des paramètres "
 "selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3314,12 +3337,12 @@ msgstr ""
 "gérer le chargement selinux"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3329,7 +3352,7 @@ msgstr ""
 "fournisseurs de sous-domaine pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3341,7 +3364,7 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3350,20 +3373,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 "<quote>none</quote> désactive la récupération explicite des sous-domaines."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "selinux_provider (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "selinux_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3371,43 +3392,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "selinux loading requests."
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
-"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut "
-"gérer le chargement selinux"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3415,7 +3430,7 @@ msgstr ""
 "en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3427,7 +3442,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3439,7 +3454,7 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3447,17 +3462,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> désactive explicitement autofs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3466,7 +3481,7 @@ msgstr ""
 "systèmes.  Les fournisseurs de hostid pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3478,12 +3493,12 @@ msgstr ""
 "configuration de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> désactive explicitement hostid."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3499,7 +3514,7 @@ msgstr ""
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3512,22 +3527,22 @@ msgstr ""
 "styles différents pour les noms d'utilisateurs :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr "domain\\username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3537,7 +3552,7 @@ msgstr ""
 "utilisateurs de domaines Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3548,7 +3563,7 @@ msgstr ""
 "importe le domaine après »"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3560,7 +3575,7 @@ msgstr ""
 "prendre en charge les sous-motifs nommés multiples."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3569,17 +3584,17 @@ msgstr ""
 "la syntaxe Python (?P&lt;name&gt;) pour nommer les sous-motifs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3588,83 +3603,75 @@ msgstr ""
 "utiliser pour effectuer les requêtes DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "Valeurs prises en charge :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, "
 "essayer IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter "
 "IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr "Par défaut : ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
-#, fuzzy
-#| msgid ""
-#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
-#| "resolver before assuming that it is unreachable. If this timeout is "
-#| "reached, the domain will continue to operate in offline mode."
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
 "If this timeout is reached, the domain will continue to operate in offline "
 "mode."
 msgstr ""
-"Délai (en secondes) d'attente de la réponse du résolveur DNS avant de "
-"considérer qu'il est injoignable. Si ce délai maximum est atteint, le "
-"domaine continuera à opérer en mode déconnecté."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Par défaut : 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3673,54 +3680,54 @@ msgstr ""
 "du domaine faisant partie de la requête DNS de découverte de services."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Par défaut : utiliser la partie du domaine qui est dans le nom de système de "
 "la machine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr "override_gid (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr "Insensible à la casse."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3732,7 +3739,7 @@ msgstr ""
 "sortie."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3740,17 +3747,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr "Par défaut : true (false pour le fournisseur AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3758,34 +3765,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3795,32 +3802,32 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "nom plat (NetBIOS) d'un sous-domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3836,7 +3843,7 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -3844,17 +3851,17 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Par défaut : <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -3862,12 +3869,12 @@ msgstr ""
 "ce domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3875,12 +3882,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3888,28 +3895,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "autofs_provider (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "autofs_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3917,7 +3922,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3926,7 +3931,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3938,17 +3943,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr "Le proxy cible duquel PAM devient mandataire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3957,12 +3962,12 @@ msgstr ""
 "ou en créer une nouvelle et ajouter le nom de service ici."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3973,12 +3978,12 @@ msgstr ""
 "$(libName)_$(function), par exemple _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3992,12 +3997,12 @@ msgstr ""
 "afin d'améliorer les performances."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4005,7 +4010,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -4014,12 +4019,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4036,7 +4041,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4044,17 +4049,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4063,7 +4068,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4073,7 +4078,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4093,12 +4098,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr "La section du domaine local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -4109,29 +4114,29 @@ msgstr ""
 "dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr "default_shell (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
 "outils en espace utilisateur SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Par défaut : <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr "base_directory (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -4140,17 +4145,17 @@ msgstr ""
 "replaceable> et l'utilisent comme dossier personnel."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "Par défaut : <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr "create_homedir (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -4159,17 +4164,17 @@ msgstr ""
 "utilisateurs. Peut être outrepassé par la ligne de commande."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "Par défaut : TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -4178,12 +4183,12 @@ msgstr ""
 "suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -4194,17 +4199,17 @@ msgstr ""
 "défaut sur un répertoire personnel nouvellement créé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "Par défaut : 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr "skel_dir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -4217,17 +4222,17 @@ msgstr ""
 "manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Par défaut : <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr "mail_dir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -4238,17 +4243,17 @@ msgstr ""
 "précisé, la valeur par défaut est utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Par défaut : <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -4259,17 +4264,17 @@ msgstr ""
 "code en retour de la commande n'est pas pris en compte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr "Par défaut : None, aucune commande lancée"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4280,64 +4285,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4391,26 +4396,16 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
-#, fuzzy
-#| msgid ""
-#| "The following example shows a typical SSSD config. It does not describe "
-#| "configuration of the domains themselves - refer to documentation on "
-#| "configuring domains for more details.  <placeholder type=\"programlisting"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
-"L'exemple suivant montre une configuration SSSD classique. Il ne décrit pas "
-"la configuration des domaines. Se référer à la documentation sur la "
-"configuration des domaines pour plus de détails. <placeholder type="
-"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -4418,7 +4413,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -4480,7 +4475,7 @@ msgstr ""
 "en tant que fournisseur d'accès."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4602,7 +4597,7 @@ msgstr ""
 "http://www.ietf.org/rfc/rfc2254.txt"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "Exemples :"
@@ -5528,62 +5523,36 @@ msgstr "Par défaut : host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_user_authorized_rhost (string)"
-msgstr "ldap_user_authorized_host (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-#, fuzzy
-#| msgid ""
-#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-#| "presence of the host attribute in the user's LDAP entry to determine "
-#| "access privilege."
 msgid ""
 "If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
 "presence of the rhost attribute in the user's LDAP entry to determine access "
 "privilege. Similarly to host verification process."
 msgstr ""
-"Si access_provider=ldap et ldap_access_order=host, SSSD va utiliser la "
-"présence de l'attribut host dans l'entrée LDAP de l'utilisateur pour "
-"déterminer les autorisations d'accès."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:843
-#, fuzzy
-#| msgid ""
-#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
-#| "explicit allow (host) and finally for allow_all (*)."
 msgid ""
 "An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
 "explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
-"Le refus explicite (!host) est résolu en premier. SSSD recherche ensuite les "
-"autorisations explicites (host) et enfin toutes les autorisations (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:848
-#, fuzzy
-#| msgid ""
-#| "Please note that the ldap_access_order configuration option "
-#| "<emphasis>must</emphasis> include <quote>host</quote> in order for the "
-#| "ldap_user_authorized_host option to work."
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>rhost</quote> in order for the "
 "ldap_user_authorized_rhost option to work."
 msgstr ""
-"Noter que l'option de configuration ldap_access_order <emphasis>doit</"
-"emphasis> inclure <quote>host</quote> de façon à permettre à l'option "
-"ldap_user_authorized_host de fonctionner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: rhost"
-msgstr "Par défaut : host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5597,10 +5566,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: userCertificate;binary"
-msgstr "Par défaut : filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5972,17 +5939,13 @@ msgstr "ldap_netgroup_modify_timestamp (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1216
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_host_object_class (string)"
-msgstr "ldap_user_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a host entry in LDAP."
-msgstr "La classe d'objet d'une entrée utilisateur dans LDAP."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
@@ -5991,76 +5954,55 @@ msgstr "Par défaut : ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "ad_hostname (string)"
 msgid "ldap_host_name (string)"
-msgstr "ad_hostname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the host's name."
-msgstr "L'attribut LDAP correspondant au nom du groupe."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1241
-#, fuzzy
-#| msgid "ldap_pwdlockout_dn (string)"
 msgid "ldap_host_fqdn (string)"
-msgstr "ldap_pwdlockout_dn (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1244
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's full name."
 msgid ""
 "The LDAP attribute that corresponds to the host's fully-qualified domain "
 "name."
-msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: cn"
 msgid "Default: fqdn"
-msgstr "Par défaut : cn"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_host_serverhostname (string)"
-msgstr "ldap_dns_service_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: sudoHost"
 msgid "Default: serverHostname"
-msgstr "Par défaut : sudoHost"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_host_member_of (string)"
-msgstr "ldap_user_member_of (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1270
-#, fuzzy
-#| msgid "The LDAP attribute that lists the user's group memberships."
 msgid "The LDAP attribute that lists the host's group memberships."
 msgstr ""
-"L'attribut LDAP énumérant les groupes auquel appartient un utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1280
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ldap_host_search_base (string)"
-msgstr "ipa_host_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1283
@@ -6086,31 +6028,23 @@ msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1299
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_host_ssh_public_key (string)"
-msgstr "ldap_user_ssh_public_key (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1302
-#, fuzzy
-#| msgid "The LDAP attribute that contains the user's SSH public keys."
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'utilisateur."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1312
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_host_uuid (string)"
-msgstr "ldap_user_uuid (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1315
-#, fuzzy
-#| msgid "The LDAP attribute that contains the port managed by this service."
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
-msgstr "L'attribut LDAP qui contient le port géré par ce service."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1325
@@ -6760,7 +6694,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "Par défaut : 86400 (24 heures)"
 
@@ -7268,14 +7202,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2237
-#, fuzzy
-#| msgid ""
-#| "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
-"<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2241
@@ -7423,10 +7353,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "ldap_opt_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -8009,8 +7937,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "EXEMPLE"
 
@@ -8047,8 +7975,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -8093,7 +8021,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTES"
 
@@ -8593,7 +8521,7 @@ msgstr ""
 "pas pris en compte."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8703,23 +8631,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -8731,12 +8660,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -8744,7 +8673,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -8757,172 +8686,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -8930,62 +8859,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -8993,17 +8922,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -9012,145 +8941,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -9158,7 +9087,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -9170,7 +9099,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -9179,7 +9108,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -9189,12 +9118,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -9202,40 +9131,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -9243,19 +9172,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -9265,17 +9194,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -9283,19 +9212,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -9303,19 +9232,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -9323,12 +9252,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -9336,19 +9265,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -9356,116 +9285,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -9475,12 +9404,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -9617,21 +9546,14 @@ msgstr "ipa_hostname (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:119
-#, fuzzy
-#| msgid ""
-#| "Optional. May be set on machines where the hostname(5) does not reflect "
-#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host.  The "
 "hostname must be fully qualified."
 msgstr ""
-"Facultatif. Peut être défini pour des machines dont le hostname(5) ne "
-"reflète pas le nom de domaine pleinement qualifié du domaine IPA pour "
-"identifier l'hôte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (booléen)"
 
@@ -9646,7 +9568,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9668,12 +9590,12 @@ msgstr ""
 "configuration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9700,12 +9622,12 @@ msgid "Default: 1200 (seconds)"
 msgstr "Par défaut : 1200 (secondes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -9733,17 +9655,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9751,7 +9673,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -9761,7 +9683,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr "Active les sites DNS - découverte de service basée sur l'emplacement"
 
@@ -9786,7 +9708,7 @@ msgstr ""
 "seront utilisés comme serveurs de repli"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (entier)"
 
@@ -9803,12 +9725,12 @@ msgstr ""
 "configurée à true."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9833,12 +9755,12 @@ msgid "Default: False (disabled)"
 msgstr "Par défaut : False (désactivé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -9847,59 +9769,52 @@ msgstr ""
 "communication avec le serveur DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:317
-#, fuzzy
-#| msgid "ipa_views_search_base (string)"
 msgid "ipa_deskprofile_search_base (string)"
-msgstr "ipa_views_search_base (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:320
-#, fuzzy
-#| msgid ""
-#| "Optional. Use the given string as search base for HBAC related objects."
 msgid ""
 "Optional. Use the given string as search base for Desktop Profile related "
 "objects."
 msgstr ""
-"Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets "
-"HBAC associés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:324 sssd-ipa.5.xml:337
@@ -10008,86 +9923,64 @@ msgstr ""
 "convertit en DN de base pour effectuer les opérations LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr "krb5_confd_path (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "ipa_hbac_refresh (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "ipa_hbac_refresh (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server. This will reduce the latency and load on the IPA server if there "
 "are many desktop profiles requests made in a short period."
 msgstr ""
-"Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela "
-"permet de réduire le temps de latence et la charge du serveur IPA si il y a "
-"beaucoup de requêtes de contrôle d'accès sur une courte période."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr "Par défaut : 5 (secondes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:477
-#, fuzzy
-#| msgid "ldap_sudo_full_refresh_interval (integer)"
 msgid "ipa_deskprofile_request_interval (integer)"
-msgstr "ldap_sudo_full_refresh_interval (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:480
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server in case the last request did not return any rule."
 msgstr ""
-"Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela "
-"permet de réduire le temps de latence et la charge du serveur IPA si il y a "
-"beaucoup de requêtes de contrôle d'accès sur une courte période."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 900 (15 minutes)"
 msgid "Default: 60 (minutes)"
-msgstr "Par défaut : 900 (15 minutes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -10522,11 +10415,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -10534,12 +10429,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr "ad_domain (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
@@ -10548,7 +10443,7 @@ msgstr ""
 "n'est pas fourni, le nom de domaine de la configuration est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
@@ -10557,7 +10452,7 @@ msgstr ""
 "domaine Active Directory, spécifié en minuscules."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
@@ -10566,12 +10461,12 @@ msgstr ""
 "autodétecté par SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -10579,7 +10474,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -10587,7 +10482,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -10595,19 +10490,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr "ad_server, ad_backup_server (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -10615,26 +10510,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr "ad_hostname (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -10645,7 +10540,7 @@ msgstr ""
 "identifier ce système."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
@@ -10655,12 +10550,12 @@ msgstr ""
 "publié un fichier keytab."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr "ad_enable_dns_sites (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -10678,12 +10573,12 @@ msgstr ""
 "utilisée pendant la découverte de site."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr "ad_access_filter (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -10692,7 +10587,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -10701,7 +10596,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -10710,14 +10605,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -10730,7 +10625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -10739,7 +10634,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -10757,24 +10652,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr "ad_site (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr "ad_enable_gc (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -10783,7 +10678,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -10792,12 +10687,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr "ad_gpo_access_control (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -10807,14 +10702,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -10822,7 +10717,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -10835,23 +10730,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr "Il existe trois valeurs prises en charge pour cette option :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -10859,22 +10754,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr "Par défaut : permissive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr "ad_gpo_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -10882,12 +10777,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr "ad_gpo_map_interactive (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -10895,14 +10790,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -10910,7 +10805,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10922,78 +10817,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr "ad_gpo_map_remote_interactive (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -11001,7 +10896,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -11009,7 +10904,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -11017,7 +10912,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11029,22 +10924,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr "ad_gpo_map_network (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -11052,7 +10947,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -11060,7 +10955,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -11068,7 +10963,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11080,22 +10975,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr "ad_gpo_map_batch (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -11103,14 +10998,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -11118,7 +11013,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11130,17 +11025,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr "ad_gpo_map_service (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -11148,14 +11043,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -11163,7 +11058,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -11174,19 +11069,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr "ad_gpo_map_permit (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -11194,7 +11089,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11206,39 +11101,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr "ad_gpo_map_deny (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -11246,12 +11141,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr "ad_gpo_default_right (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -11264,57 +11159,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -11322,17 +11217,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -11342,12 +11237,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -11365,19 +11260,19 @@ msgstr ""
 "<quote>dyndns_iface</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr "Par défaut : 3600 (secondes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -11387,12 +11282,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr "Par défaut : True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -11403,7 +11298,7 @@ msgstr ""
 "exemples montrent seulement les options spécifiques au fournisseur AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -11427,7 +11322,7 @@ msgstr ""
 "ad_domain = example.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -11439,7 +11334,7 @@ msgstr ""
 "ldap_account_expire_policy = ad\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -11450,7 +11345,7 @@ msgstr ""
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -11460,15 +11355,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11868,10 +11763,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -11883,39 +11776,24 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:112
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
 "output."
 msgstr ""
-"<emphasis>1</emphasis> : Ajouter un horodatage aux messages de débogage"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:116
-#, fuzzy
-#| msgid ""
-#| "Send the debug output to files instead of stderr. By default, the log "
-#| "files are stored in <filename>/var/log/sssd</filename> and there are "
-#| "separate log files for every SSSD service and domain."
 msgid ""
 "<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
 "default, the log files are stored in <filename>/var/log/sssd</filename> and "
 "there are separate log files for every SSSD service and domain."
 msgstr ""
-"Envoie la sortie de débogage vers des fichiers plutôt que vers la sortie "
-"d'erreur standard. Par défaut, les fichiers de sortie sont stockés dans "
-"<filename>/var/log/sssd</filename> et des fichiers différents sont créés "
-"pour chaque service et domaine SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:122
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
 msgstr ""
-"<emphasis>1</emphasis> : Ajouter un horodatage aux messages de débogage"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:132
@@ -12112,7 +11990,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr "Le mot de passe chiffré sera lu sur l'entrée standard."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -13883,10 +13761,8 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-#, fuzzy
-#| msgid "change debug level while SSSD is running"
 msgid "[DEPRECATED] change debug level while SSSD is running"
-msgstr "modifie le niveau de débogage pendant l'exécution de SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_debuglevel.8.xml:21
@@ -14437,8 +14313,98 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+#, fuzzy
+#| msgid "client_idle_timeout"
+msgid "p11_child_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de "
+"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> pour plus de détails."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -14446,12 +14412,12 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr "CODE RETOUR"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -14674,25 +14640,79 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "ad_site (string)"
+msgid "passwd_files (string)"
+msgstr "ad_site (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: password"
+msgid "Default: /etc/passwd"
+msgstr "Par défaut : password"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "ldap_netgroup_triple (string)"
+msgid "group_files (string)"
+msgstr "ldap_netgroup_triple (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: nisNetgroup"
+msgid "Default: /etc/group"
+msgstr "Par défaut : nisNetgroup"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page for details on the configuration of an SSSD "
+#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Se référer à la section <quote>SECTIONS DE DOMAINE</quote> de la page de "
+"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> pour les détails sur la configuration d'un "
+"domaine SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -14768,18 +14788,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:75
-#, fuzzy
-#| msgid ""
-#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
-#| "permissions on a newly created home directory."
 msgid ""
 "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> service."
 msgstr ""
-"Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions par "
-"défaut sur un répertoire personnel nouvellement créé."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:61
@@ -14939,10 +14951,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "pam_id_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -15471,27 +15481,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-session-recording.5.xml:17
-#, fuzzy
-#| msgid "Configuring sudo to cooperate with SSSD"
 msgid "Configuring session recording with SSSD"
-msgstr "Configuration de sudo pour coopérer avec SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
 msgid ""
 "This manual page describes how to configure <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
@@ -15502,12 +15502,6 @@ msgid ""
 "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Cette page de manuel décrit la configuration du fournisseur de contrôle "
-"d'accès simple de <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. Pour plus de détails sur la "
-"syntaxe, cf. la section <quote>FORMAT DE FICHIER</quote> de la page de "
-"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:41
@@ -15531,12 +15525,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure the PAC responder."
 msgid "These options can be used to configure the session recording."
 msgstr ""
-"Les options suivantes peuvent être utilisées pour configurer le répondeur "
-"PAC."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -15760,10 +15750,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
@@ -15772,21 +15760,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page only describes attribute name mapping.  For detailed "
-#| "explanation of sudo related attribute semantics, see <citerefentry> "
-#| "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>"
 msgid ""
 "This manual page provides information about the systemtap functionality in "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 "</citerefentry>."
 msgstr ""
-"Cette page de manuel décrit uniquement le mappage de noms d'attribut.  Pour "
-"une explication détaillée des sémantiques d'attributs relatives à sudo, cf. "
-"<citerefentry><refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:32
@@ -15822,10 +15800,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "realm name"
 msgid "probe $name"
-msgstr "nom de domaine"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
@@ -16021,16 +15997,11 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
 #: sssd-systemtap.5.xml:293
-#, fuzzy, no-wrap
-#| msgid ""
-#| "fallback_homedir = /home/%u\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "filter:string\n"
 "                       "
 msgstr ""
-"fallback_homedir = /home/%u\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:262
@@ -16377,10 +16348,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:76
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout"
-msgstr "dns_resolver_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:80
@@ -16389,10 +16358,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_timeout"
-msgstr "dns_resolver_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -16404,30 +16371,18 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:67
-#, fuzzy
-#| msgid ""
-#| "All of the common configuration options that apply to SSSD domains also "
-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
-#| "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This section lists the available tunables. Please refer to their description "
 "in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
-"Toutes les options de configuration communes appliquées aux domaines SSSD "
-"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE "
-"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de "
-"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -17398,6 +17353,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
@@ -17500,22 +17472,3 @@ msgstr ""
 #: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
-
-#~ msgid ""
-#~ "Determines if a domain can be enumerated. This parameter can have one of "
-#~ "the following values:"
-#~ msgstr ""
-#~ "Détermine si un domaine peut être énuméré. Ce paramètre peut avoir une "
-#~ "des valeurs suivantes :"
-
-#~ msgid ""
-#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-#~ "running."
-#~ msgstr ""
-#~ "<command>sss_debuglevel</command> positionne le niveau de débogage du "
-#~ "moniteur et des fournisseurs SSSD à <replaceable>NEW_DEBUG_LEVEL</"
-#~ "replaceable> pendant l'exécution de SSSD."
-
-#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index caca566..bfe5ece 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -8,10 +8,10 @@
 # carrotsoft <www.carrotsoft@gmail.com>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-14 11:59-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-14 11:59+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
 "ja/)\n"
@@ -20,7 +20,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -96,7 +96,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "オプション"
@@ -207,7 +207,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -319,11 +319,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "初期値: true"
 
@@ -340,8 +341,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -375,7 +376,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "初期値: 10"
@@ -391,7 +392,7 @@ msgid "The [sssd] section"
 msgstr "[sssd] セクション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "セクションのパラメーター"
 
@@ -441,12 +442,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -455,7 +456,7 @@ msgstr ""
 "める前に試行する回数です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "初期値: 3"
 
@@ -475,7 +476,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (文字列)"
 
@@ -495,12 +496,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -511,39 +512,39 @@ msgstr ""
 "manvolnum> </citerefentry> 互換形式。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr "ユーザー名"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -686,9 +687,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -866,21 +867,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -901,12 +903,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "サービスセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -918,22 +920,22 @@ msgstr ""
 "ば、NSS サービスは <quote>[nss]</quote> セクションです"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "サービス設定の全体オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -943,17 +945,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -963,18 +965,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "初期値: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -982,24 +984,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1007,12 +1009,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1024,30 +1026,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "初期値: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr "NSS 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1055,12 +1057,12 @@ msgstr ""
 "きます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1069,17 +1071,17 @@ msgstr ""
 "要求）。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "初期値: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1090,7 +1092,7 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1105,7 +1107,7 @@ msgstr ""
 "とをブロックする必要がありません。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1118,17 +1120,17 @@ msgstr ""
 "（0 はこの機能を無効にします）"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "初期値: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1139,34 +1141,37 @@ msgstr ""
 "せ）をキャッシュする秒数を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "初期値: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "初期値: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "初期値: 86400 (24 時間)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1175,7 +1180,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1184,17 +1189,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "初期値: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1202,12 +1207,12 @@ msgstr ""
 "ションを偽に設定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1216,7 +1221,7 @@ msgstr ""
 "ホームディレクトリーの標準テンプレートを設定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1224,7 +1229,7 @@ msgstr ""
 "同じです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1234,23 +1239,23 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr "override_shell (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1258,17 +1263,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1276,13 +1281,13 @@ msgstr ""
 "す:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1291,7 +1296,7 @@ msgstr ""
 "ば、shell_fallback パラメーターの値を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1300,12 +1305,12 @@ msgstr ""
 "ば、nologin シェルが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1313,12 +1318,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "シェルの空文字列は libc にそのまま渡されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1328,27 +1333,27 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1356,74 +1361,74 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "初期値: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1434,48 +1439,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "このオプションはドメインごとに設定できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr "PAM 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1484,12 +1489,12 @@ msgstr ""
 "ために使用できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1498,17 +1503,17 @@ msgstr ""
 "ラインログインの最終成功からの日数）です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "初期値: 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1516,12 +1521,12 @@ msgstr ""
 "認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1530,7 +1535,7 @@ msgstr ""
 "渡される分単位の時間です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1541,17 +1546,17 @@ msgstr ""
 "効にできます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "初期値: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1560,42 +1565,42 @@ msgstr ""
 "きいほどメッセージが表示されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr "現在 sssd は以下の値をサポートします:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "初期値: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1604,61 +1609,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1668,7 +1673,7 @@ msgstr ""
 "されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1681,17 +1686,17 @@ msgstr ""
 "アプリケーションごとに）制御します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1701,26 +1706,31 @@ msgstr ""
 "ことに注意してください。この情報がなければ、sssd は警告を表示します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "初期値: 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1730,74 +1740,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr "初期値: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1805,19 +1815,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1825,12 +1835,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1838,58 +1848,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "初期値: 偽"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "初期値: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr "SUDO 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1900,12 +1934,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -1914,14 +1948,12 @@ msgstr ""
 "を評価するかしないかです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "ldap_deref_threshold (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "ldap_deref_threshold (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1931,22 +1963,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr "Autofs 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1957,68 +1989,87 @@ msgstr ""
 "ヒットする秒数を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr "SSH 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr "初期値: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
+#, fuzzy
+#| msgid ""
+#| "The skeleton directory, which contains files and directories to be copied "
+#| "in the user's home directory, when the home directory is created by "
+#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>"
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+"ホームディレクトリーが <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> により作成されると"
+"き、ユーザーのホームディレクトリーにコピーされるファイルおよびディレクトリー"
+"を含む、スケルトンディレクトリーです。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2029,7 +2080,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2040,24 +2091,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2065,12 +2116,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2079,34 +2130,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "General service configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "サービス設定の全体オプション"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the IPA provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2114,95 +2155,68 @@ msgid ""
 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 msgstr ""
-"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
-"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
-"ジの <quote>ファイル形式</quote> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "sudo_provider (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "sudo_provider (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this user to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定された"
-"グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー"
-"プ名のカンマ区切り一覧です。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: none"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "初期値: none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "skel_dir (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2210,21 +2224,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
-#, fuzzy
-#| msgid "Default: empty, i.e. ldap_uri is used."
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
-msgstr "初期値: 空、つまり ldap_uri が使用されます。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "ldap_group_name (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "ldap_group_name (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2232,7 +2242,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2240,22 +2250,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "ドメインセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2264,14 +2274,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2280,31 +2290,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2313,7 +2323,7 @@ msgstr ""
 "トリーを含む場合、それは無視されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2325,24 +2335,24 @@ msgstr ""
 "バーに対して、範囲内にあるものは予期されたものとして報告されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr "enumerate (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2351,29 +2361,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = ユーザーとグループが列挙されます"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = このドメインに対して列挙しません"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "初期値: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2387,7 +2397,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2396,7 +2406,7 @@ msgstr ""
 "れが完了するまで結果を返しません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2409,39 +2419,39 @@ msgstr ""
 "てください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2450,12 +2460,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2464,7 +2474,7 @@ msgstr ""
 "数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2475,17 +2485,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "初期値: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2494,19 +2504,19 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr "初期値: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2515,12 +2525,12 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2529,12 +2539,12 @@ msgstr ""
 "有効であると考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2543,94 +2553,94 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr "初期値: 0 (無効)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
 "を決めます"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2638,24 +2648,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2667,17 +2677,17 @@ msgstr ""
 "offline_credentials_expiration と同等以上でなければいけません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "初期値: 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2686,17 +2696,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "初期値: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr "id_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2704,17 +2714,38 @@ msgstr ""
 "ダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+#, fuzzy
+#| msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "<quote>proxy</quote>: レガシーな NSS プロバイダーのサポート"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+#, fuzzy
+#| msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+"<quote>ldap</quote>: LDAP プロバイダー。LDAP の設定に関する詳細は "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2725,8 +2756,8 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2739,8 +2770,8 @@ msgstr ""
 "い。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2751,12 +2782,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2765,7 +2796,7 @@ msgstr ""
 "名形式により整形されたように) を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2778,7 +2809,7 @@ msgstr ""
 "んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2786,22 +2817,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2813,7 +2844,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2821,12 +2852,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr "auth_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2835,7 +2866,7 @@ msgstr ""
 "ダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2846,7 +2877,7 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2857,19 +2888,24 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 "<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> は明示的に認証を無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -2878,12 +2914,12 @@ msgstr ""
 "ならば、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr "access_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2894,7 +2930,7 @@ msgstr ""
 "えます）。内部の特別プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -2903,12 +2939,12 @@ msgstr ""
 "ロバイダーのみアクセスが許可されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2921,7 +2957,7 @@ msgstr ""
 "citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2929,22 +2965,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr "初期値: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -2953,7 +2989,7 @@ msgstr ""
 "パスワード変更プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2961,7 +2997,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2972,7 +3008,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -2980,12 +3016,12 @@ msgstr ""
 "します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -2994,19 +3030,19 @@ msgstr ""
 "うことができるならば、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
 "は次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3017,33 +3053,33 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3054,7 +3090,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -3063,12 +3099,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3076,7 +3112,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3084,31 +3120,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3116,7 +3152,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3125,19 +3161,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "selinux_provider (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "selinux_provider (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -3145,43 +3179,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "authentication requests."
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
-"初期値: <quote>id_provider</quote> が設定され、認証要求を取り扱うことができる"
-"ならば、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3189,7 +3217,7 @@ msgstr ""
 "プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3200,7 +3228,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3211,7 +3239,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3219,17 +3247,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3238,7 +3266,7 @@ msgstr ""
 "hostid プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3249,12 +3277,12 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3264,7 +3292,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3273,29 +3301,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr "domain\\username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3306,7 +3334,7 @@ msgstr ""
 "everything after that\" に解釈されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3314,7 +3342,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3323,17 +3351,17 @@ msgstr ""
 "Python 構文 (?P&lt;name&gt;) のみをサポートします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "初期値: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3342,81 +3370,73 @@ msgstr ""
 "します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "サポートする値:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr "初期値: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
-#, fuzzy
-#| msgid ""
-#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
-#| "resolver before assuming that it is unreachable. If this timeout is "
-#| "reached, the domain will continue to operate in offline mode."
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
 "If this timeout is reached, the domain will continue to operate in offline "
 "mode."
 msgstr ""
-"DNS リゾルバーが到達不可能であると仮定するまでに、そこからの応答を待つ時間"
-"（秒単位）を定義します。このタイムアウトに達すると、ドメインはオフラインモー"
-"ドにて操作を継続します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "初期値: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3425,52 +3445,52 @@ msgstr ""
 "イン部分を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr "override_gid (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr "プライマリー GID の値を指定されたもので上書きします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3478,7 +3498,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3486,17 +3506,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3504,34 +3524,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3539,32 +3559,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "サブドメインのフラット (NetBIOS) 名。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3574,35 +3594,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 "値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "初期値: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3610,12 +3630,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3623,28 +3643,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "autofs_provider (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "autofs_provider (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3652,7 +3670,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3661,7 +3679,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3672,17 +3690,17 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr "中継するプロキシターゲット PAM です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3691,12 +3709,12 @@ msgstr ""
 "をここに追加する必要があります。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3707,12 +3725,12 @@ msgstr ""
 "_nss_files_getpwent です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3721,12 +3739,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3734,7 +3752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3743,12 +3761,12 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3765,7 +3783,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3773,17 +3791,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3792,7 +3810,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3802,7 +3820,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3822,12 +3840,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr "ローカルドメインのセクション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3838,27 +3856,27 @@ msgstr ""
 "メインに対する設定を含みます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr "default_shell (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "初期値: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr "base_directory (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -3867,17 +3885,17 @@ msgstr ""
 "ホームディレクトリーとして使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "初期値: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr "create_homedir (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -3886,17 +3904,17 @@ msgstr ""
 "す。コマンドラインにおいて上書きできます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "初期値: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -3905,12 +3923,12 @@ msgstr ""
 "す。コマンドラインにおいて上書きできます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3921,17 +3939,17 @@ msgstr ""
 "manvolnum> </citerefentry> により使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "初期値: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr "skel_dir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3944,17 +3962,17 @@ msgstr ""
 "を含む、スケルトンディレクトリーです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "初期値: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr "mail_dir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3965,17 +3983,17 @@ msgstr ""
 "が使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "初期値: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3986,17 +4004,17 @@ msgstr ""
 "せん。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr "初期値: なし、コマンドを実行しません"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4007,64 +4025,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4118,25 +4136,16 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
-#, fuzzy
-#| msgid ""
-#| "The following example shows a typical SSSD config. It does not describe "
-#| "configuration of the domains themselves - refer to documentation on "
-#| "configuring domains for more details.  <placeholder type=\"programlisting"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
-"以下の例は SSSD の一般的な設定を示します。ドメイン自身の設定を説明していませ"
-"ん - ドメインの設定に関する詳細はドキュメントを参照してください。  "
-"<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -4144,7 +4153,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -4204,7 +4213,7 @@ msgstr ""
 "オプションを参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4312,7 +4321,7 @@ msgstr ""
 "な LDAP 検索フィルターである必要があります。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "例:"
@@ -5175,39 +5184,23 @@ msgstr "初期値: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_user_authorized_rhost (string)"
-msgstr "ldap_user_authorized_host (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-#, fuzzy
-#| msgid ""
-#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-#| "presence of the host attribute in the user's LDAP entry to determine "
-#| "access privilege."
 msgid ""
 "If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
 "presence of the rhost attribute in the user's LDAP entry to determine access "
 "privilege. Similarly to host verification process."
 msgstr ""
-"access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限"
-"を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用しま"
-"す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:843
-#, fuzzy
-#| msgid ""
-#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
-#| "explicit allow (host) and finally for allow_all (*)."
 msgid ""
 "An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
 "explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
-"明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検"
-"索します。最後にすべて許可 (*) が検索されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:848
@@ -5219,10 +5212,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: rhost"
-msgstr "初期値: host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5236,10 +5227,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: userCertificate;binary"
-msgstr "初期値: filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5582,17 +5571,13 @@ msgstr "ldap_netgroup_modify_timestamp (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1216
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_host_object_class (string)"
-msgstr "ldap_user_object_class (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a host entry in LDAP."
-msgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
@@ -5601,75 +5586,55 @@ msgstr "初期値: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "ad_hostname (string)"
 msgid "ldap_host_name (string)"
-msgstr "ad_hostname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the host's name."
-msgstr "グループ名に対応する LDAP 属性です。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1241
-#, fuzzy
-#| msgid "ldap_sudo_hostnames (string)"
 msgid "ldap_host_fqdn (string)"
-msgstr "ldap_sudo_hostnames (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1244
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's full name."
 msgid ""
 "The LDAP attribute that corresponds to the host's fully-qualified domain "
 "name."
-msgstr "ユーザーの完全名に対応する LDAP 属性です。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: cn"
 msgid "Default: fqdn"
-msgstr "初期値: cn"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_host_serverhostname (string)"
-msgstr "ldap_dns_service_name (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: sudoHost"
 msgid "Default: serverHostname"
-msgstr "初期値: sudoHost"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_host_member_of (string)"
-msgstr "ldap_user_member_of (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1270
-#, fuzzy
-#| msgid "The LDAP attribute that lists the user's group memberships."
 msgid "The LDAP attribute that lists the host's group memberships."
-msgstr "ユーザーのグループメンバーを一覧にする LDAP 属性です。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1280
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ldap_host_search_base (string)"
-msgstr "ipa_host_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1283
@@ -5695,31 +5660,23 @@ msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1299
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_host_ssh_public_key (string)"
-msgstr "ldap_user_ssh_public_key (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1302
-#, fuzzy
-#| msgid "The LDAP attribute that contains the user's SSH public keys."
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1312
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
 msgid "ldap_host_uuid (string)"
-msgstr "ldap_sasl_authid (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1315
-#, fuzzy
-#| msgid "The LDAP attribute that contains the port managed by this service."
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
-msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1325
@@ -6307,7 +6264,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "初期値: 86400 (24 時間)"
 
@@ -6769,14 +6726,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2237
-#, fuzzy
-#| msgid ""
-#| "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
-"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2241
@@ -6909,10 +6862,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "ldap_opt_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -7465,8 +7416,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "例"
 
@@ -7496,8 +7447,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -7532,7 +7483,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "注記"
 
@@ -8001,7 +7952,7 @@ msgstr ""
 "ンの中のグループのみに適用されます。ローカルグループは評価されません。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8107,23 +8058,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -8135,12 +8087,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -8148,7 +8100,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -8161,172 +8113,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -8334,62 +8286,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -8397,17 +8349,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -8416,145 +8368,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -8562,7 +8514,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -8574,7 +8526,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -8583,7 +8535,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -8593,12 +8545,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8606,40 +8558,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8647,19 +8599,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -8669,17 +8621,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -8687,19 +8639,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8707,19 +8659,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8727,12 +8679,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8740,19 +8692,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8760,116 +8712,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8879,12 +8831,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -9009,20 +8961,14 @@ msgstr "ipa_hostname (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:119
-#, fuzzy
-#| msgid ""
-#| "Optional. May be set on machines where the hostname(5) does not reflect "
-#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host.  The "
 "hostname must be fully qualified."
 msgstr ""
-"オプションです。hostname(5) がこのホストを識別するために IPA ドメインにおいて"
-"使用される完全修飾名を反映しないマシンにおいて設定されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (論理値)"
 
@@ -9037,7 +8983,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9055,12 +9001,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9081,12 +9027,12 @@ msgid "Default: 1200 (seconds)"
 msgstr "初期値: 1200 (秒)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -9110,17 +9056,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9128,7 +9074,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -9138,7 +9084,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。"
 
@@ -9155,7 +9101,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (整数)"
 
@@ -9168,12 +9114,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9192,12 +9138,12 @@ msgid "Default: False (disabled)"
 msgstr "初期値: False (無効)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -9206,59 +9152,52 @@ msgstr ""
 "どうか。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:317
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ipa_deskprofile_search_base (string)"
-msgstr "ipa_host_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:320
-#, fuzzy
-#| msgid ""
-#| "Optional. Use the given string as search base for HBAC related objects."
 msgid ""
 "Optional. Use the given string as search base for Desktop Profile related "
 "objects."
 msgstr ""
-"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと"
-"して使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:324 sssd-ipa.5.xml:337
@@ -9365,36 +9304,34 @@ msgstr ""
 "めに使用するベース DN に変換されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "ipa_hbac_refresh (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "ipa_hbac_refresh (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
@@ -9405,16 +9342,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr "初期値: 5 (秒)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:477
-#, fuzzy
-#| msgid "ldap_sudo_full_refresh_interval (integer)"
 msgid "ipa_deskprofile_request_interval (integer)"
-msgstr "ldap_sudo_full_refresh_interval (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:480
@@ -9425,10 +9360,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 900 (15 minutes)"
 msgid "Default: 60 (minutes)"
-msgstr "初期値: 900 (15 分)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9837,11 +9770,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9849,12 +9784,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr "ad_domain (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
@@ -9863,7 +9798,7 @@ msgstr ""
 "ければ、設定のドメイン名が使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
@@ -9872,19 +9807,19 @@ msgstr ""
 "ンの小文字バージョンとして指定されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9892,7 +9827,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9900,7 +9835,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9908,19 +9843,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr "ad_server, ad_backup_server (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9928,26 +9863,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr "ad_hostname (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9957,7 +9892,7 @@ msgstr ""
 "全修飾名を反映しないマシンにおいてマシンに設定されるかもしれません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
@@ -9966,12 +9901,12 @@ msgstr ""
 "されます。キーテーブルが発行されたホスト名と一致する必要があります。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr "ad_enable_dns_sites (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9982,12 +9917,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9996,7 +9931,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -10005,7 +9940,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -10014,14 +9949,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -10034,7 +9969,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -10043,7 +9978,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -10061,24 +9996,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -10087,7 +10022,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -10096,12 +10031,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -10111,14 +10046,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -10126,7 +10061,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -10139,23 +10074,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -10163,22 +10098,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -10186,12 +10121,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -10199,14 +10134,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -10214,7 +10149,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10226,78 +10161,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -10305,7 +10240,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -10313,7 +10248,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -10321,7 +10256,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10333,22 +10268,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -10356,7 +10291,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -10364,7 +10299,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -10372,7 +10307,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10384,22 +10319,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -10407,14 +10342,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -10422,7 +10357,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10434,17 +10369,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -10452,14 +10387,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -10467,7 +10402,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -10478,19 +10413,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -10498,7 +10433,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -10510,39 +10445,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -10550,12 +10485,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -10568,57 +10503,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -10626,17 +10561,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -10646,12 +10581,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -10662,19 +10597,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr "初期値: 3600 (秒)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -10684,12 +10619,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr "初期値: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -10700,7 +10635,7 @@ msgstr ""
 "AD プロバイダー固有のオプションのみ示してします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -10724,7 +10659,7 @@ msgstr ""
 "ad_domain = example.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -10736,7 +10671,7 @@ msgstr ""
 "ldap_account_expire_policy = ad\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -10744,7 +10679,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -10754,15 +10689,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11098,10 +11033,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -11113,36 +11046,24 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:112
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
 "output."
-msgstr "<emphasis>1</emphasis>: デバッグメッセージに日時を追加します"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:116
-#, fuzzy
-#| msgid ""
-#| "Send the debug output to files instead of stderr. By default, the log "
-#| "files are stored in <filename>/var/log/sssd</filename> and there are "
-#| "separate log files for every SSSD service and domain."
 msgid ""
 "<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
 "default, the log files are stored in <filename>/var/log/sssd</filename> and "
 "there are separate log files for every SSSD service and domain."
 msgstr ""
-"デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログファ"
-"イルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD サービス"
-"とドメインに対して別々のログファイルがあります。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:122
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
-msgstr "<emphasis>1</emphasis>: デバッグメッセージに日時を追加します"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:132
@@ -11336,7 +11257,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr "解読しにくくするパスワードが標準入力から読み込まれます。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -13049,10 +12970,8 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-#, fuzzy
-#| msgid "change debug level while SSSD is running"
 msgid "[DEPRECATED] change debug level while SSSD is running"
-msgstr "SSSD が実行中にデバッグレベルを変更する"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_debuglevel.8.xml:21
@@ -13562,8 +13481,98 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+#, fuzzy
+#| msgid "client_idle_timeout"
+msgid "p11_child_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページにある "
+"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -13571,12 +13580,12 @@ msgstr ""
 "します。"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr "終了コード"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -13796,25 +13805,79 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "passwd_files (string)"
+msgstr "ldap_access_filter (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: password"
+msgid "Default: /etc/passwd"
+msgstr "初期値: password"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "ldap_netgroup_triple (string)"
+msgid "group_files (string)"
+msgstr "ldap_netgroup_triple (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: nisNetgroup"
+msgid "Default: /etc/group"
+msgstr "初期値: nisNetgroup"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page for details on the configuration of an SSSD "
+#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"SSSD ドメインの設定に関する詳細は <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
+"<quote>ドメインセクション</quote> のセクションを参照してください。  "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13890,18 +13953,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:75
-#, fuzzy
-#| msgid ""
-#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
-#| "permissions on a newly created home directory."
 msgid ""
 "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> service."
 msgstr ""
-"新規に作成されるホームディレクトリーにパーミッションの初期値を指定するために "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry> により使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:61
@@ -14061,10 +14116,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "pam_id_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -14593,27 +14646,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-session-recording.5.xml:17
-#, fuzzy
-#| msgid "Configuring sudo with the SSSD back end"
 msgid "Configuring session recording with SSSD"
-msgstr "SSSD バックエンドを用いた sudo の設定法"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
 msgid ""
 "This manual page describes how to configure <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
@@ -14624,11 +14667,6 @@ msgid ""
 "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説"
-"明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形"
-"式</quote> セクションを参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:41
@@ -14652,10 +14690,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure the SSH service."
 msgid "These options can be used to configure the session recording."
-msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -14879,10 +14915,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
@@ -14891,20 +14925,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page only describes attribute name mapping.  For detailed "
-#| "explanation of sudo related attribute semantics, see <citerefentry> "
-#| "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>"
 msgid ""
 "This manual page provides information about the systemtap functionality in "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 "</citerefentry>."
 msgstr ""
-"このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性"
-"セマンティックの詳細な説明は <citerefentry> <refentrytitle>sudoers.ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:32
@@ -14940,10 +14965,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "realm name"
 msgid "probe $name"
-msgstr "レルム名"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
@@ -15139,16 +15162,11 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
 #: sssd-systemtap.5.xml:293
-#, fuzzy, no-wrap
-#| msgid ""
-#| "fallback_homedir = /home/%u\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "filter:string\n"
 "                       "
 msgstr ""
-"fallback_homedir = /home/%u\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:262
@@ -15460,10 +15478,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:76
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout"
-msgstr "dns_resolver_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:80
@@ -15472,10 +15488,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_timeout"
-msgstr "dns_resolver_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -15487,30 +15501,18 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:67
-#, fuzzy
-#| msgid ""
-#| "All of the common configuration options that apply to SSSD domains also "
-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
-#| "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This section lists the available tunables. Please refer to their description "
 "in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
-"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま"
-"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ"
-"クション</quote> を参照してください。  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -16376,6 +16378,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
@@ -16478,22 +16497,3 @@ msgstr ""
 #: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
-
-#~ msgid ""
-#~ "Determines if a domain can be enumerated. This parameter can have one of "
-#~ "the following values:"
-#~ msgstr ""
-#~ "ドメインが列挙できるかを決定します。このパラメーターは以下の値のどれかであ"
-#~ "る必要があります:"
-
-#~ msgid ""
-#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-#~ "running."
-#~ msgstr ""
-#~ "<command>sss_debuglevel</command> は SSSD が実行中に SSSD モニターとプロバ"
-#~ "イダーのデバッグレベルを <replaceable>NEW_DEBUG_LEVEL</replaceable> に変更"
-#~ "します。"
-
-#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
diff --git a/src/man/po/lv.po b/src/man/po/lv.po
index d51596f..663ff40 100644
--- a/src/man/po/lv.po
+++ b/src/man/po/lv.po
@@ -7,10 +7,10 @@
 # Kristaps, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-15 12:00-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-15 12:00+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
 "lv/)\n"
@@ -20,7 +20,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : "
 "2);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -91,7 +91,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "IESPĒJAS"
@@ -187,7 +187,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -295,11 +295,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -316,8 +317,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -351,7 +352,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Noklusējuma: 10"
@@ -367,7 +368,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -415,19 +416,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr ""
 
@@ -447,7 +448,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -467,12 +468,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -480,39 +481,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -636,9 +637,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -816,21 +817,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -846,12 +848,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -860,22 +862,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -885,17 +887,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -905,18 +907,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "Noklusējuma: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -924,24 +926,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -949,12 +951,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -966,58 +968,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Noklusējuma: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1025,7 +1027,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1035,7 +1037,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1044,17 +1046,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1062,34 +1064,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Noklusējuma: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "Noklusējuma: 86400 (24 stundas)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1098,7 +1103,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1107,41 +1112,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1149,23 +1154,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1173,47 +1178,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1221,112 +1226,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1337,96 +1342,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "Noklusējuma: 0 (bez ierobežojuma)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1434,59 +1439,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Noklusējuma: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1495,61 +1500,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1557,7 +1562,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1566,17 +1571,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1584,26 +1589,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1613,74 +1623,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1688,19 +1698,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1708,12 +1718,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1721,58 +1731,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 1"
+msgid "Default:"
+msgstr "Noklusējuma: 1"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1783,26 +1817,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1812,22 +1844,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1835,68 +1867,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1907,7 +1948,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1918,24 +1959,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1943,12 +1984,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1957,24 +1998,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1984,68 +2025,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: 1"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Noklusējuma: 1"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2053,17 +2092,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2071,7 +2110,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2079,22 +2118,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2103,14 +2142,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2119,38 +2158,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2159,24 +2198,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2185,29 +2224,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2221,14 +2260,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2237,39 +2276,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2278,19 +2317,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2301,151 +2340,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2453,24 +2492,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2479,17 +2518,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Noklusējuma: 0 (neierobežots)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2498,33 +2537,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2532,8 +2580,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2542,8 +2590,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2551,19 +2599,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2572,7 +2620,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2580,22 +2628,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2607,7 +2655,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2615,19 +2663,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2635,7 +2683,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2643,30 +2691,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2674,19 +2727,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2695,7 +2748,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2703,29 +2756,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr "Noklusējuma: <quote>atļaut</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2733,7 +2786,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2741,35 +2794,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2777,32 +2830,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2813,7 +2866,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2822,12 +2875,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2835,7 +2888,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2843,31 +2896,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2875,7 +2928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2884,17 +2937,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2902,43 +2955,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2946,7 +2999,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2954,7 +3007,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2962,24 +3015,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2987,12 +3040,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3002,7 +3055,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3011,29 +3064,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3041,7 +3094,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3049,66 +3102,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "Atbalstītās vērtības:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3117,77 +3170,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Noklusējuma: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3195,7 +3248,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3203,17 +3256,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3221,34 +3274,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3256,32 +3309,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3291,34 +3344,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3326,12 +3379,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3339,26 +3392,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3366,7 +3419,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3375,7 +3428,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3383,29 +3436,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3413,12 +3466,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3427,12 +3480,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3440,19 +3493,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3469,7 +3522,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3477,17 +3530,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3496,7 +3549,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3506,7 +3559,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3526,12 +3579,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3539,73 +3592,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Noklusējuma: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3613,17 +3666,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "Noklusējuma: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3632,17 +3685,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Noklusējuma: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3650,17 +3703,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Noklusējuma: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3668,17 +3721,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3689,64 +3742,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3776,7 +3829,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3785,7 +3838,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3793,7 +3846,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3841,7 +3894,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3942,7 +3995,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -4768,10 +4821,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: 1"
 msgid "Default: rhost"
-msgstr "Noklusējuma: 1"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -4785,10 +4836,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: userCertificate;binary"
-msgstr "Noklusējuma: filtrēt"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5159,10 +5208,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: 1"
 msgid "Default: fqdn"
-msgstr "Noklusējuma: 1"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
@@ -5171,10 +5218,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: /tmp"
 msgid "Default: serverHostname"
-msgstr "Noklusējuma: / tmp"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
@@ -5764,7 +5809,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "Noklusējuma: 86400 (24 stundas)"
 
@@ -6308,10 +6353,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -6838,8 +6881,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "PIEMĒRS"
 
@@ -6866,8 +6909,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6902,7 +6945,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "PIEZĪMES"
 
@@ -7313,7 +7356,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7410,23 +7453,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7438,12 +7482,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7451,7 +7495,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7464,172 +7508,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7637,62 +7681,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7700,17 +7744,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7719,145 +7763,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7865,7 +7909,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7877,7 +7921,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7886,7 +7930,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7896,12 +7940,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7909,40 +7953,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7950,19 +7994,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7972,17 +8016,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7990,19 +8034,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8010,19 +8054,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8030,12 +8074,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8043,19 +8087,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8063,116 +8107,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8182,12 +8226,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8308,7 +8352,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8323,7 +8367,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8338,12 +8382,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8364,12 +8408,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8393,17 +8437,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8411,7 +8455,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8421,7 +8465,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8438,7 +8482,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8451,12 +8495,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8475,50 +8519,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8629,26 +8673,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8667,7 +8711,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -8685,10 +8729,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 0 (unlimited)"
 msgid "Default: 60 (minutes)"
-msgstr "Noklusējuma: 0 (neierobežots)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9089,11 +9131,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9101,38 +9145,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9140,7 +9184,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9148,7 +9192,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9156,19 +9200,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9176,26 +9220,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9203,19 +9247,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9226,12 +9270,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9240,7 +9284,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9249,7 +9293,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9258,14 +9302,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9278,7 +9322,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9287,7 +9331,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9305,24 +9349,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9331,7 +9375,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9340,12 +9384,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9355,14 +9399,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9370,7 +9414,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9383,23 +9427,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9407,22 +9451,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9430,12 +9474,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9443,14 +9487,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9458,7 +9502,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9470,78 +9514,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9549,7 +9593,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9557,7 +9601,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9565,7 +9609,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9577,22 +9621,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9600,7 +9644,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9608,7 +9652,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9616,7 +9660,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9628,22 +9672,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9651,14 +9695,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9666,7 +9710,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9678,17 +9722,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9696,14 +9740,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9711,7 +9755,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9722,19 +9766,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9742,7 +9786,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9754,39 +9798,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9794,12 +9838,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9812,57 +9856,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9870,17 +9914,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9890,12 +9934,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9906,19 +9950,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9928,12 +9972,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9941,7 +9985,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9956,7 +10000,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9965,7 +10009,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9973,7 +10017,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9983,15 +10027,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10500,7 +10544,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12517,19 +12561,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12730,25 +12854,65 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: /tmp"
+msgid "Default: /etc/passwd"
+msgstr "Noklusējuma: / tmp"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: /tmp"
+msgid "Default: /etc/group"
+msgstr "Noklusējuma: / tmp"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -12987,10 +13151,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "timeout (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -13519,7 +13681,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -13788,10 +13950,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
@@ -14372,7 +14532,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15210,6 +15370,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 1d36ca9..2dd7ca8 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -6,10 +6,10 @@
 # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-15 12:02-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-15 12:02+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
 "nl/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -94,7 +94,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPTIES"
@@ -206,7 +206,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -318,11 +318,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Standaard: true"
 
@@ -339,8 +340,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -374,7 +375,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
@@ -390,7 +391,7 @@ msgid "The [sssd] section"
 msgstr "De [sssd] sectie"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Sectie parameters"
 
@@ -440,12 +441,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -454,7 +455,7 @@ msgstr ""
 "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Standaard: 3"
 
@@ -474,7 +475,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (tekst)"
 
@@ -494,12 +495,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -507,39 +508,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -677,9 +678,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -857,21 +858,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -887,12 +889,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "SERVICES SECTIE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -901,22 +903,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "Algemene service configuratie-opties"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "Deze opties kunnen gebruikt worden om services te configureren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -926,17 +928,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -946,18 +948,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -965,24 +967,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -990,12 +992,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1007,30 +1009,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr "NSS configuratie-opties"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1038,12 +1040,12 @@ msgstr ""
 "configurere."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1052,17 +1054,17 @@ msgstr ""
 "over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Standaard: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1070,7 +1072,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1080,7 +1082,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1089,17 +1091,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1107,34 +1109,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Standaard: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 14400 (4 hours)"
+msgstr "Standaard: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1143,7 +1148,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1152,41 +1157,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1194,23 +1199,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1218,47 +1223,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1266,112 +1271,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1382,96 +1387,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1479,59 +1484,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1540,61 +1545,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1602,7 +1607,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1611,17 +1616,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1629,26 +1634,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Standaard: 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1658,74 +1668,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1733,19 +1743,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1753,12 +1763,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1766,58 +1776,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1828,26 +1862,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "debug_level (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "debug_level (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1857,22 +1889,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1880,68 +1912,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1952,7 +1993,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1963,24 +2004,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1988,12 +2029,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2002,26 +2043,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "General service configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "Algemene service configuratie-opties"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2031,82 +2070,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this group to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"Voeg deze groep toe aan de groepen opgegeven met de  <replaceable>GROEPEN</"
-"replaceable> parameter.  De <replaceable>GROEPEN</replaceable> parameter is "
-"een kommagescheiden lijst van groepnamen."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2114,19 +2137,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2134,7 +2155,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2142,22 +2163,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2166,14 +2187,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2182,38 +2203,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2222,24 +2243,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2248,29 +2269,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2284,14 +2305,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2300,39 +2321,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2341,19 +2362,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2364,151 +2385,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2516,24 +2537,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2542,17 +2563,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2561,33 +2582,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2595,8 +2625,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2605,8 +2635,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2614,19 +2644,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2635,7 +2665,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2643,22 +2673,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2670,7 +2700,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2678,19 +2708,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2698,7 +2728,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2706,30 +2736,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2737,19 +2772,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2758,7 +2793,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2766,29 +2801,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2796,7 +2831,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2804,35 +2839,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2840,32 +2875,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2876,7 +2911,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2885,12 +2920,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2898,7 +2933,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2906,31 +2941,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2938,7 +2973,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2947,19 +2982,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2967,43 +3000,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3011,7 +3044,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3019,7 +3052,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3027,24 +3060,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3052,12 +3085,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3067,7 +3100,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3076,29 +3109,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3109,7 +3142,7 @@ msgstr ""
 "het domein alles daarna\""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3117,7 +3150,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3126,59 +3159,59 @@ msgstr ""
 "(?P&lt;name&gt;) om subpatronen aan te geven."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Standaard: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3187,77 +3220,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3265,7 +3298,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3273,17 +3306,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3291,34 +3324,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3326,32 +3359,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3361,34 +3394,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3396,12 +3429,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3409,26 +3442,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3436,7 +3469,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3445,7 +3478,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3453,29 +3486,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3483,12 +3516,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3497,12 +3530,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3510,19 +3543,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3539,7 +3572,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3547,17 +3580,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3566,7 +3599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3576,7 +3609,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3596,12 +3629,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3609,73 +3642,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3683,17 +3716,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3702,17 +3735,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3720,17 +3753,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3738,17 +3771,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3759,64 +3792,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3846,7 +3879,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3855,7 +3888,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3863,7 +3896,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3911,7 +3944,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4012,7 +4045,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -4838,10 +4871,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: rhost"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5205,10 +5236,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ldap_host_name (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
@@ -5229,10 +5258,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: fqdn"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
@@ -5241,10 +5268,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: serverHostname"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
@@ -5834,7 +5859,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6378,10 +6403,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -6908,8 +6931,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6936,8 +6959,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6972,7 +6995,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7383,7 +7406,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7480,23 +7503,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7508,12 +7532,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7521,7 +7545,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7534,172 +7558,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7707,62 +7731,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7770,17 +7794,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7789,145 +7813,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7935,7 +7959,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7947,7 +7971,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7956,7 +7980,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7966,12 +7990,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7979,40 +8003,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8020,19 +8044,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -8042,17 +8066,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -8060,19 +8084,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8080,19 +8104,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8100,12 +8124,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8113,19 +8137,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8133,116 +8157,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8252,12 +8276,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8378,7 +8402,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8393,7 +8417,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8408,12 +8432,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8434,12 +8458,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8463,17 +8487,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8481,7 +8505,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8491,7 +8515,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8508,7 +8532,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8521,12 +8545,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8545,50 +8569,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8699,36 +8723,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "config_file_version (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "config_file_version (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
@@ -8739,7 +8761,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -8757,10 +8779,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: true"
 msgid "Default: 60 (minutes)"
-msgstr "Standaard: true"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9161,11 +9181,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9173,38 +9195,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9212,7 +9234,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9220,7 +9242,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9228,19 +9250,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9248,26 +9270,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9275,19 +9297,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9298,12 +9320,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9312,7 +9334,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9321,7 +9343,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9330,14 +9352,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9350,7 +9372,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9359,7 +9381,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9377,24 +9399,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9403,7 +9425,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9412,12 +9434,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9427,14 +9449,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9442,7 +9464,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9455,23 +9477,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9479,22 +9501,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9502,12 +9524,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9515,14 +9537,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9530,7 +9552,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9542,78 +9564,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9621,7 +9643,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9629,7 +9651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9637,7 +9659,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9649,22 +9671,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9672,7 +9694,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9680,7 +9702,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9688,7 +9710,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9700,22 +9722,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9723,14 +9745,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9738,7 +9760,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9750,17 +9772,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9768,14 +9790,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9783,7 +9805,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9794,19 +9816,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9814,7 +9836,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9826,39 +9848,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9866,12 +9888,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9884,57 +9906,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9942,17 +9964,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9962,12 +9984,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9978,19 +10000,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -10000,12 +10022,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -10013,7 +10035,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -10028,7 +10050,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -10037,7 +10059,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -10045,7 +10067,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -10055,15 +10077,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10373,14 +10395,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid ""
-#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
 msgstr ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -10578,7 +10594,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12595,19 +12611,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12808,25 +12904,69 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "passwd_files (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: /etc/passwd"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "group_files (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: /etc/group"
+msgstr "Standaard: true"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13065,10 +13205,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "debug_level (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -13597,7 +13735,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -13641,10 +13779,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure any service."
 msgid "These options can be used to configure the session recording."
-msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -14450,7 +14586,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15288,6 +15424,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg
index 7fd4e38..a3ab241 100644
--- a/src/man/po/po4a.cfg
+++ b/src/man/po/po4a.cfg
@@ -1,4 +1,4 @@
-[po4a_langs] br ca cs de eu es fi fr ja lv nl pt pt_BR ru tg uk zh_CN
+[po4a_langs] br ca cs de eu es fi fr ja lv nl pt pt_BR ru sv tg uk zh_CN
 [po4a_paths] po/sssd-docs.pot $lang:po/$lang.po
 [type:docbook] sss_groupmod.8.xml $lang:$(builddir)/$lang/sss_groupmod.8.xml
 [type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index 41f2e52..d18875e 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -6,10 +6,10 @@
 # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-15 12:05-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-15 12:05+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
 "pt/)\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -94,7 +94,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "Opções"
@@ -201,7 +201,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -313,11 +313,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -334,8 +335,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -369,7 +370,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Padrão: 10"
@@ -385,7 +386,7 @@ msgid "The [sssd] section"
 msgstr "A seção [SSSD]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Parâmetros de secção"
 
@@ -435,12 +436,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -449,7 +450,7 @@ msgstr ""
 "falha do provedor de dados ou reiniciar antes de eles desistirem"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Padrão: 3"
 
@@ -469,7 +470,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (string)"
 
@@ -489,12 +490,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -502,39 +503,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -658,9 +659,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -838,21 +839,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -868,12 +870,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -882,22 +884,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -907,17 +909,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -927,18 +929,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "Padrão: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -946,24 +948,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -971,12 +973,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -988,58 +990,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Padrão: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1047,7 +1049,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1057,7 +1059,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1066,17 +1068,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "Padrão: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1084,34 +1086,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "Padrão: 86400 (24 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1120,7 +1125,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1129,41 +1134,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1171,23 +1176,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1195,47 +1200,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1243,112 +1248,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "Padrão: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1359,96 +1364,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1456,59 +1461,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Padrão: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1517,61 +1522,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1579,7 +1584,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1588,17 +1593,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1606,26 +1611,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1635,74 +1645,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr "Padrão: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1710,19 +1720,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1730,12 +1740,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1743,58 +1753,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Padrão: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1805,26 +1839,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "ldap_opt_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1834,22 +1866,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1857,68 +1889,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1929,7 +1970,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1940,24 +1981,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1965,12 +2006,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1979,24 +2020,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2006,80 +2047,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "skel_dir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this group to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"Acrescente este grupo para grupos especificados pelo parâmetro de "
-"<replaceable>GROUPS</replaceable>.  O parâmetro de <replaceable>GROUPS</"
-"replaceable> é uma lista separada por vírgulas de nomes de grupo."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: none"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Padrão: none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "skel_dir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2087,21 +2114,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
-#, fuzzy
-#| msgid "Default: empty, i.e. ldap_uri is used."
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
-msgstr "Padrão: empty, ou seja, ldap_uri é usado."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "ldap_group_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2109,7 +2132,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2117,22 +2140,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "SECÇÕES DE DOMÍNIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2141,14 +2164,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2157,38 +2180,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2197,24 +2220,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr "enumerate (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2223,29 +2246,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "Padrão: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2259,14 +2282,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2275,39 +2298,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2316,19 +2339,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2339,151 +2362,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "Padrão: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2491,24 +2514,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2517,17 +2540,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Padrão: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2536,33 +2559,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr "id_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2570,8 +2602,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2580,8 +2612,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2589,19 +2621,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2610,7 +2642,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2618,22 +2650,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2645,7 +2677,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2653,19 +2685,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr "auth_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2673,7 +2705,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2681,30 +2713,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr "access_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2712,19 +2749,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2733,7 +2770,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2741,29 +2778,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2771,7 +2808,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2779,35 +2816,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2815,32 +2852,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2851,7 +2888,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2860,12 +2897,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2873,7 +2910,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2881,31 +2918,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2913,7 +2950,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2922,19 +2959,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "access_provider (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "access_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2942,43 +2977,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2986,7 +3021,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2994,7 +3029,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3002,24 +3037,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3027,12 +3062,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3042,7 +3077,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3051,29 +3086,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3081,7 +3116,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3089,66 +3124,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Default: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr "Default: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3157,77 +3192,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Padrão: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr "override_gid (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3235,7 +3270,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3243,17 +3278,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3261,34 +3296,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3296,32 +3331,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3331,34 +3366,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3366,12 +3401,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3379,28 +3414,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "auth_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3408,7 +3441,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3417,7 +3450,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3425,29 +3458,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3455,12 +3488,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3469,12 +3502,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3482,19 +3515,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3511,7 +3544,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3519,17 +3552,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3538,7 +3571,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3548,7 +3581,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3568,12 +3601,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr "A secção de domínio local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3581,73 +3614,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr "default_shell (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Padrão: <filename>bash/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr "base_directory (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "Padrão: <filename>/ home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr "create_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "Padrão: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3655,17 +3688,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "Padrão: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr "skel_dir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3674,17 +3707,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Padrão: <filename>skel/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr "mail_dir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3692,17 +3725,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Padrão: <filename>mail/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3710,17 +3743,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr "Padrão: None, nenhum comando é executado"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3731,64 +3764,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3842,7 +3875,7 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3851,7 +3884,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3859,7 +3892,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3907,7 +3940,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4008,7 +4041,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "Exemplos:"
@@ -4810,10 +4843,8 @@ msgstr "Padrão: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_user_authorized_rhost (string)"
-msgstr "ldap_user_authorized_host (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
@@ -4840,10 +4871,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: rhost"
-msgstr "Padrão: host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -4857,10 +4886,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: filter"
 msgid "Default: userCertificate;binary"
-msgstr "Padrão: filter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5194,10 +5221,8 @@ msgstr "ldap_netgroup_modify_timestamp (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1216
-#, fuzzy
-#| msgid "ldap_search_base (string)"
 msgid "ldap_host_object_class (string)"
-msgstr "ldap_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219
@@ -5211,10 +5236,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "ipa_hostname (string)"
 msgid "ldap_host_name (string)"
-msgstr "ipa_hostname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
@@ -5223,10 +5246,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1241
-#, fuzzy
-#| msgid "ipa_hostname (string)"
 msgid "ldap_host_fqdn (string)"
-msgstr "ipa_hostname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1244
@@ -5237,31 +5258,23 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: cn"
 msgid "Default: fqdn"
-msgstr "Padrão: NC"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
-#, fuzzy
-#| msgid "ipa_hostname (string)"
 msgid "ldap_host_serverhostname (string)"
-msgstr "ipa_hostname (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: none"
 msgid "Default: serverHostname"
-msgstr "Padrão: none"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
-#, fuzzy
-#| msgid "ldap_deref (string)"
 msgid "ldap_host_member_of (string)"
-msgstr "ldap_deref (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1270
@@ -5270,10 +5283,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1280
-#, fuzzy
-#| msgid "ldap_search_base (string)"
 msgid "ldap_host_search_base (string)"
-msgstr "ldap_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1283
@@ -5295,10 +5306,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1299
-#, fuzzy
-#| msgid "ldap_pwd_policy (string)"
 msgid "ldap_host_ssh_public_key (string)"
-msgstr "ldap_pwd_policy (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1302
@@ -5307,10 +5316,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1312
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
 msgid "ldap_host_uuid (string)"
-msgstr "ldap_sasl_authid (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1315
@@ -5855,7 +5862,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "Padrão: 86400 (24 horas)"
 
@@ -6399,10 +6406,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "ldap_opt_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -6929,8 +6934,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "EXEMPLO"
 
@@ -6957,8 +6962,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -6993,7 +6998,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTAS"
 
@@ -7404,7 +7409,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7501,23 +7506,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7529,12 +7535,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7542,7 +7548,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7555,172 +7561,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7728,62 +7734,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7791,17 +7797,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7810,145 +7816,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7956,7 +7962,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7968,7 +7974,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7977,7 +7983,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7987,12 +7993,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8000,40 +8006,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -8041,19 +8047,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -8063,17 +8069,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -8081,19 +8087,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8101,19 +8107,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8121,12 +8127,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8134,19 +8140,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8154,116 +8160,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8273,12 +8279,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8399,7 +8405,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8414,7 +8420,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8429,12 +8435,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8455,12 +8461,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8484,17 +8490,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8502,7 +8508,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8512,7 +8518,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8529,7 +8535,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8542,12 +8548,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8566,59 +8572,57 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:317
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
 msgid "ipa_deskprofile_search_base (string)"
-msgstr "ipa_hbac_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:320
@@ -8722,36 +8726,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "config_file_version (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "config_file_version (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
@@ -8762,7 +8764,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -8780,10 +8782,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 0 (unlimited)"
 msgid "Default: 60 (minutes)"
-msgstr "Padrão: 0 (ilimitado)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9184,11 +9184,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9196,38 +9198,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9235,7 +9237,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9243,7 +9245,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9251,19 +9253,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9271,26 +9273,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9298,19 +9300,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9321,12 +9323,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9335,7 +9337,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9344,7 +9346,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9353,14 +9355,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9373,7 +9375,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9382,7 +9384,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9400,24 +9402,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9426,7 +9428,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9435,12 +9437,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9450,14 +9452,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9465,7 +9467,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9478,23 +9480,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9502,22 +9504,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9525,12 +9527,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9538,14 +9540,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9553,7 +9555,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9565,78 +9567,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9644,7 +9646,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9652,7 +9654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9660,7 +9662,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9672,22 +9674,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9695,7 +9697,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9703,7 +9705,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9711,7 +9713,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9723,22 +9725,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9746,14 +9748,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9761,7 +9763,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9773,17 +9775,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9791,14 +9793,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9806,7 +9808,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9817,19 +9819,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9837,7 +9839,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9849,39 +9851,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9889,12 +9891,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9907,57 +9909,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9965,17 +9967,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9985,12 +9987,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -10001,19 +10003,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -10023,12 +10025,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr "Padrão: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -10036,7 +10038,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -10051,7 +10053,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -10060,7 +10062,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -10068,7 +10070,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -10078,15 +10080,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10400,10 +10402,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -10604,7 +10604,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12634,19 +12634,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12847,25 +12927,69 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "allowed_shells (string)"
+msgid "passwd_files (string)"
+msgstr "allowed_shells (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: /tmp"
+msgid "Default: /etc/passwd"
+msgstr "Padrão: /tmp."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "ldap_group_search_base (string)"
+msgid "group_files (string)"
+msgstr "ldap_group_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: /tmp"
+msgid "Default: /etc/group"
+msgstr "Padrão: /tmp."
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13104,10 +13228,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "pam_id_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
@@ -13636,7 +13758,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -13905,10 +14027,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
@@ -13957,10 +14077,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "realm name"
 msgid "probe $name"
-msgstr "nome de território"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
@@ -14457,10 +14575,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:76
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout"
-msgstr "dns_resolver_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:80
@@ -14469,10 +14585,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_timeout"
-msgstr "dns_resolver_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -14495,7 +14609,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15333,6 +15447,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
index a1f2566..9ab94be 100644
--- a/src/man/po/pt_BR.po
+++ b/src/man/po/pt_BR.po
@@ -2,18 +2,18 @@
 # Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2017-01-29 10:11-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2017-01-29 10:11+0000\n"
 "Last-Translator: Rodrigo de Araujo Sousa Fonseca "
 "<rodrigodearaujo@fedoraproject.org>\n"
 "Language-Team: Portuguese (Brazil)\n"
-"Language: pt-BR\n"
+"Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
 
 #. type: Content of: <reference><title>
@@ -85,7 +85,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPÇÕES"
@@ -181,7 +181,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -289,11 +289,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -310,8 +311,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -345,7 +346,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
@@ -361,7 +362,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -409,19 +410,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr ""
 
@@ -441,7 +442,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -461,12 +462,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -474,39 +475,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -630,9 +631,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -810,21 +811,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -840,12 +842,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -854,22 +856,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -879,17 +881,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -899,18 +901,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -918,24 +920,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -943,12 +945,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -960,58 +962,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1019,7 +1021,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1029,7 +1031,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1038,17 +1040,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1056,34 +1058,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1092,7 +1095,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1101,41 +1104,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1143,23 +1146,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1167,47 +1170,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1215,112 +1218,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1331,96 +1334,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1428,59 +1431,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1489,61 +1492,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1551,7 +1554,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1560,17 +1563,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1578,26 +1581,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1607,74 +1615,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1682,19 +1690,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1702,12 +1710,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1715,58 +1723,80 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+msgid "Default:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1777,24 +1807,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1804,22 +1834,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1827,68 +1857,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1899,7 +1938,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1910,24 +1949,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1935,12 +1974,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1949,24 +1988,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1976,66 +2015,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2043,17 +2082,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2061,7 +2100,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2069,22 +2108,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2093,14 +2132,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2109,38 +2148,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2149,24 +2188,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2175,29 +2214,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2211,14 +2250,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2227,39 +2266,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2268,19 +2307,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2291,151 +2330,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2443,24 +2482,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2469,17 +2508,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2488,33 +2527,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2522,8 +2570,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2532,8 +2580,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2541,19 +2589,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2562,7 +2610,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2570,22 +2618,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2597,7 +2645,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2605,19 +2653,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2625,7 +2673,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2633,30 +2681,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2664,19 +2717,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2685,7 +2738,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2693,29 +2746,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2723,7 +2776,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2731,35 +2784,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2767,32 +2820,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2803,7 +2856,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2812,12 +2865,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2825,7 +2878,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2833,31 +2886,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2865,7 +2918,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2874,17 +2927,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2892,43 +2945,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2936,7 +2989,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2944,7 +2997,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2952,24 +3005,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2977,12 +3030,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2992,7 +3045,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3001,29 +3054,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3031,7 +3084,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3039,66 +3092,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3107,77 +3160,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3185,7 +3238,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3193,17 +3246,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3211,34 +3264,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3246,32 +3299,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3281,34 +3334,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3316,12 +3369,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3329,26 +3382,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3356,7 +3409,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3365,7 +3418,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3373,29 +3426,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3403,12 +3456,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3417,12 +3470,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3430,19 +3483,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3459,7 +3512,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3467,17 +3520,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3486,7 +3539,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3496,7 +3549,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3516,12 +3569,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3529,73 +3582,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3603,17 +3656,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3622,17 +3675,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3640,17 +3693,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3658,17 +3711,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3679,64 +3732,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3766,7 +3819,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3775,7 +3828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3783,7 +3836,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3831,7 +3884,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3932,7 +3985,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -5746,7 +5799,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6818,8 +6871,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6846,8 +6899,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6882,7 +6935,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7293,7 +7346,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7390,23 +7443,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7418,12 +7472,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7431,7 +7485,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7444,172 +7498,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7617,62 +7671,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7680,17 +7734,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7699,145 +7753,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7845,7 +7899,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7857,7 +7911,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7866,7 +7920,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7876,12 +7930,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7889,40 +7943,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7930,19 +7984,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7952,17 +8006,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7970,19 +8024,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -7990,19 +8044,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8010,12 +8064,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8023,19 +8077,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8043,116 +8097,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8162,12 +8216,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8288,7 +8342,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8303,7 +8357,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8318,12 +8372,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8344,12 +8398,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8373,17 +8427,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8391,7 +8445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8401,7 +8455,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8418,7 +8472,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8431,12 +8485,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8455,50 +8509,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8609,26 +8663,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8647,7 +8701,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -9067,11 +9121,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9079,38 +9135,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9118,7 +9174,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9126,7 +9182,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9134,19 +9190,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9154,26 +9210,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9181,19 +9237,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9204,12 +9260,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9218,7 +9274,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9227,7 +9283,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9236,14 +9292,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9256,7 +9312,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9265,7 +9321,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9283,24 +9339,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9309,7 +9365,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9318,12 +9374,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9333,14 +9389,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9348,7 +9404,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9361,23 +9417,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9385,22 +9441,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9408,12 +9464,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9421,14 +9477,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9436,7 +9492,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9448,78 +9504,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9527,7 +9583,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9535,7 +9591,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9543,7 +9599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9555,22 +9611,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9578,7 +9634,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9586,7 +9642,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9594,7 +9650,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9606,22 +9662,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9629,14 +9685,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9644,7 +9700,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9656,17 +9712,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9674,14 +9730,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9689,7 +9745,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9700,19 +9756,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9720,7 +9776,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9732,39 +9788,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9772,12 +9828,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9790,57 +9846,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9848,17 +9904,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9868,12 +9924,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9884,19 +9940,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9906,12 +9962,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9919,7 +9975,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9934,7 +9990,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9943,7 +9999,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9951,7 +10007,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9961,15 +10017,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10478,7 +10534,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12495,19 +12551,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12708,25 +12844,61 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+msgid "Default: /etc/passwd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+msgid "Default: /etc/group"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13495,7 +13667,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14346,7 +14518,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15184,6 +15356,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index e0f90a8..c73472f 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -6,10 +6,10 @@
 # Artyom Kunyov <artkun@guitarplayer.ru>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-15 12:07-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-15 12:07+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
 "ru/)\n"
@@ -19,7 +19,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -90,7 +90,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "ОПЦИИ"
@@ -186,7 +186,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -294,11 +294,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -315,8 +316,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -350,7 +351,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "По умолчанию: 10"
@@ -366,7 +367,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -414,19 +415,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "попыток_соединения (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "По умолчанию: 3"
 
@@ -446,7 +447,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -466,12 +467,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -479,39 +480,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -635,9 +636,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -815,21 +816,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -845,12 +847,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -859,22 +861,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -884,17 +886,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -904,18 +906,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -923,24 +925,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -948,12 +950,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -965,58 +967,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "По умолчанию: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1024,7 +1026,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1034,7 +1036,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1043,17 +1045,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1061,34 +1063,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "По умолчанию: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 14400 (4 hours)"
+msgstr "По умолчанию: 10"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1097,7 +1102,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1106,41 +1111,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "По умолчанию: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1148,23 +1153,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1172,47 +1177,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1220,112 +1225,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1336,96 +1341,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "По умолчанию: 0 (неограничено)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1433,59 +1438,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "По умолчанию: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr "В настоящее время sssd поддерживает следующие значения:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "По умолчанию: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1494,61 +1499,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1556,7 +1561,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1565,17 +1570,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1583,26 +1588,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1612,74 +1622,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1687,19 +1697,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1707,12 +1717,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1720,58 +1730,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "По умолчанию: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1782,24 +1816,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1809,22 +1843,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1832,68 +1866,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1904,7 +1947,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1915,24 +1958,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1940,12 +1983,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1954,24 +1997,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1981,68 +2024,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "По умолчанию: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2050,17 +2091,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2068,7 +2109,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2076,22 +2117,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2100,14 +2141,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2116,38 +2157,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2156,24 +2197,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2182,29 +2223,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "По умолчанию: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2218,14 +2259,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2234,39 +2275,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2275,19 +2316,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2298,151 +2339,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2450,24 +2491,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2476,17 +2517,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2495,33 +2536,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2529,8 +2579,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2539,8 +2589,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2548,19 +2598,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2569,7 +2619,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2577,22 +2627,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2604,7 +2654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2612,19 +2662,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2632,7 +2682,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2640,30 +2690,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2671,19 +2726,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2692,7 +2747,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2700,29 +2755,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2730,7 +2785,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2738,35 +2793,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2774,32 +2829,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2810,7 +2865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2819,12 +2874,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2832,7 +2887,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2840,31 +2895,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2872,7 +2927,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2881,17 +2936,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2899,43 +2954,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2943,7 +2998,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2951,7 +3006,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2959,24 +3014,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2984,12 +3039,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2999,7 +3054,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3008,29 +3063,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3038,7 +3093,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3046,66 +3101,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "Поддерживаемые значения:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3114,77 +3169,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "По умолчанию: использовать доменное имя из hostname"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3192,7 +3247,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3200,17 +3255,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3218,34 +3273,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3253,32 +3308,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3288,34 +3343,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3323,12 +3378,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3336,26 +3391,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3363,7 +3418,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3372,7 +3427,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3380,29 +3435,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3410,12 +3465,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3424,12 +3479,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3437,19 +3492,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3466,7 +3521,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3474,17 +3529,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3493,7 +3548,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3503,7 +3558,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3523,12 +3578,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3536,73 +3591,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "По умолчанию: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "По умолчанию: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3610,17 +3665,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "По умолчанию: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3629,17 +3684,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "По умолчанию: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3647,17 +3702,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "По умолчанию: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3665,17 +3720,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3686,64 +3741,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3773,7 +3828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3782,7 +3837,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3790,7 +3845,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3838,7 +3893,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3939,7 +3994,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -4765,10 +4820,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: rhost"
-msgstr "По умолчанию: root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -4782,10 +4835,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "Default: homeDirectory"
 msgid "Default: userCertificate;binary"
-msgstr "По умолчанию: homeDirectory"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5156,10 +5207,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: fqdn"
-msgstr "По умолчанию: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
@@ -5168,10 +5217,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: serverHostname"
-msgstr "По умолчанию: root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
@@ -5761,7 +5808,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6833,8 +6880,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "ПРИМЕР"
 
@@ -6861,8 +6908,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6897,7 +6944,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7308,7 +7355,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7405,23 +7452,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7433,12 +7481,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7446,7 +7494,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7459,172 +7507,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7632,62 +7680,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7695,17 +7743,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7714,145 +7762,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7860,7 +7908,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7872,7 +7920,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7881,7 +7929,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7891,12 +7939,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7904,40 +7952,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7945,19 +7993,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7967,17 +8015,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7985,19 +8033,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8005,19 +8053,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8025,12 +8073,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8038,19 +8086,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8058,116 +8106,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8177,12 +8225,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8303,7 +8351,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8318,7 +8366,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8333,12 +8381,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8359,12 +8407,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8388,17 +8436,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8406,7 +8454,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8416,7 +8464,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8433,7 +8481,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8446,12 +8494,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8470,50 +8518,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8624,36 +8672,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "попыток_соединения (целое число)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
@@ -8664,7 +8710,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -8682,10 +8728,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 0 (No limit)"
 msgid "Default: 60 (minutes)"
-msgstr "По умолчанию: 0 (неограничено)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9086,11 +9130,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9098,38 +9144,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9137,7 +9183,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9145,7 +9191,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9153,19 +9199,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9173,26 +9219,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9200,19 +9246,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9223,12 +9269,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9237,7 +9283,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9246,7 +9292,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9255,14 +9301,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9275,7 +9321,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9284,7 +9330,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9302,24 +9348,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9328,7 +9374,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9337,12 +9383,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9352,14 +9398,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9367,7 +9413,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9380,23 +9426,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9404,22 +9450,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9427,12 +9473,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9440,14 +9486,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9455,7 +9501,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9467,78 +9513,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9546,7 +9592,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9554,7 +9600,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9562,7 +9608,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9574,22 +9620,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9597,7 +9643,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9605,7 +9651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9613,7 +9659,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9625,22 +9671,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9648,14 +9694,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9663,7 +9709,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9675,17 +9721,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9693,14 +9739,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9708,7 +9754,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9719,19 +9765,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9739,7 +9785,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9751,39 +9797,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9791,12 +9837,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9809,57 +9855,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9867,17 +9913,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9887,12 +9933,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9903,19 +9949,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9925,12 +9971,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9938,7 +9984,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9953,7 +9999,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9962,7 +10008,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9970,7 +10016,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9980,15 +10026,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10497,7 +10543,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12514,19 +12560,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12727,25 +12853,65 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: gecos"
+msgid "Default: /etc/passwd"
+msgstr "По умолчанию: gecos"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: gecos"
+msgid "Default: /etc/group"
+msgstr "По умолчанию: gecos"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13514,7 +13680,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14365,7 +14531,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15203,6 +15369,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index 2062228..60a006e 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.16.1\n"
+"Project-Id-Version: sssd-docs 1.16.2\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -58,7 +58,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123 sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr ""
 
@@ -146,7 +146,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -254,7 +254,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837 sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839 sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -271,7 +271,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721 sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708 sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909 sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722 sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708 sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909 sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
@@ -299,7 +299,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941 sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999 sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -314,7 +314,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -363,19 +363,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr ""
 
@@ -395,7 +395,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -415,12 +415,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> "
 "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -429,39 +429,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -585,7 +585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679 sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685 sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679 sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685 sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
 
@@ -758,21 +758,21 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> "
-"<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> "
-"</citerefentry> which, if a shortname is returned for a qualified input "
-"(while trying to reach a user which exists in multiple domains) might "
-"re-route the login attempt into the domain which users shortnames, making "
-"this workaround totally not recommended in cases where usernames may overlap "
-"between domains."
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991 sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049 sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -788,12 +788,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -802,22 +802,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -827,17 +827,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -847,17 +847,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968 sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970 sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -865,24 +865,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -890,12 +890,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -907,58 +907,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566 sssd-ldap.5.xml:722
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616 sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) "
 "service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -966,7 +966,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -976,7 +976,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -985,17 +985,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1003,34 +1003,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1039,7 +1040,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1048,39 +1049,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1088,22 +1089,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315 sssd-krb5.5.xml:539 include/override_homedir.xml:59
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317 sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1111,46 +1112,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in "
 "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in "
 "<quote>/etc/shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1158,56 +1159,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the "
 "machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during "
 "lookup. This option can be specified globally in the [nss] section or "
@@ -1215,57 +1216,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1277,96 +1278,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1374,59 +1375,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during "
 "authentication. The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1435,61 +1436,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1497,7 +1498,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a "
@@ -1507,17 +1508,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1525,7 +1526,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be "
@@ -1533,19 +1534,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting "
 "<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1555,72 +1561,72 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321 sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323 sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1628,19 +1634,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1648,12 +1654,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1661,56 +1667,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535 sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087 sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535 sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+msgid "Default:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> "
@@ -1722,24 +1750,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1750,22 +1778,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1773,68 +1801,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
+"<manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1845,7 +1883,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1856,24 +1894,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1881,12 +1919,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1895,24 +1933,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> "
@@ -1923,66 +1961,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording "
 "enabled. Matches user names as returned by NSS. I.e. after the possible "
@@ -1990,17 +2028,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2008,7 +2046,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2016,22 +2054,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2040,14 +2078,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2056,38 +2094,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For "
@@ -2096,24 +2134,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2122,29 +2160,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2158,14 +2196,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2174,39 +2212,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2215,19 +2253,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2238,150 +2276,150 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890 sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930 sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940 sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980 sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2389,24 +2427,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2415,17 +2453,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2434,34 +2472,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> "
+"<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on how to mirror local users and groups "
+"into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2469,7 +2516,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231 sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289 sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2478,7 +2525,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240 sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298 sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2486,19 +2533,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified "
 "names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2507,7 +2554,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2515,22 +2562,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2542,7 +2589,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2550,19 +2597,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2570,7 +2617,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2578,29 +2625,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2608,19 +2660,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -2629,7 +2681,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> "
@@ -2638,29 +2690,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -2669,7 +2721,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2677,34 +2729,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2712,31 +2764,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507 sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565 sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2747,7 +2799,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2756,12 +2808,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2769,7 +2821,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2778,31 +2830,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2811,7 +2863,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2820,17 +2872,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2838,41 +2890,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2880,7 +2932,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2888,7 +2940,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2896,24 +2948,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2922,12 +2974,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2937,7 +2989,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: "
 "<quote>(((?P&lt;domain&gt;[^\\\\]+)\\\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?P&lt;name&gt;[^@\\\\]+)$))</quote> "
@@ -2945,29 +2997,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2975,7 +3027,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2983,66 +3035,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
 "(?P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is "
@@ -3051,76 +3103,76 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438 sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438 sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3128,7 +3180,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3136,17 +3188,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3154,34 +3206,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3189,32 +3241,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3224,32 +3276,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3257,12 +3309,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3270,26 +3322,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3297,7 +3349,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3306,7 +3358,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called "
@@ -3315,29 +3367,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3345,12 +3397,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3359,12 +3411,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3372,19 +3424,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3402,7 +3454,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3410,17 +3462,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3429,7 +3481,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3439,7 +3491,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3459,12 +3511,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3472,73 +3524,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3546,17 +3598,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3565,17 +3617,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3583,17 +3635,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3601,17 +3653,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called "
@@ -3622,64 +3674,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3709,7 +3761,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3718,7 +3770,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3726,7 +3778,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3775,7 +3827,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57 sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57 sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3874,7 +3926,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283 sss_override.8.xml:137 sss_override.8.xml:234
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286 sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
 
@@ -5686,7 +5738,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6763,7 +6815,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736 sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736 sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6789,7 +6841,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139 sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 sssd-files.5.xml:78 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139 sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 sssd-files.5.xml:110 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
@@ -6822,7 +6874,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7237,7 +7289,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
@@ -7335,23 +7387,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7363,12 +7416,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7376,7 +7429,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7389,172 +7442,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be "
 "matched. All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as "
@@ -7562,62 +7615,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in "
 "dotted-decimal notation, interpret it as string and try to match it against "
@@ -7625,17 +7678,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7644,144 +7697,144 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for "
 "&lt;ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7789,7 +7842,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7801,7 +7854,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7810,7 +7863,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7820,12 +7873,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7833,40 +7886,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: "
 "(ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7874,19 +7927,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: "
 "(ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7896,17 +7949,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7914,19 +7967,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: "
 "(|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -7934,19 +7987,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: "
 "(|(userPrincipal={subject_pkinit_principal})(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -7954,12 +8007,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -7967,19 +8020,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: "
 "(|(mail={subject_rfc822_name})(uid={subject_rfc822_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -7987,114 +8040,114 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8104,12 +8157,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8232,7 +8285,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8247,7 +8300,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8262,12 +8315,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8288,12 +8341,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8317,17 +8370,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8335,7 +8388,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8345,7 +8398,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8363,7 +8416,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8376,12 +8429,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8400,50 +8453,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8554,26 +8607,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
@@ -8591,7 +8644,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -9012,11 +9065,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as "
 "case-insensitive in the AD provider for compatibility with Active "
@@ -9024,38 +9079,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9063,7 +9118,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9071,7 +9126,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9079,19 +9134,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9099,26 +9154,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9126,19 +9181,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9149,12 +9204,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the "
@@ -9163,7 +9218,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or "
 "forest. This extended filter would consist of: "
@@ -9172,7 +9227,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then "
 "<quote>NAME</quote> specifies the domain or subdomain the filter applies "
@@ -9181,14 +9236,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full "
@@ -9201,7 +9256,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the "
@@ -9210,7 +9265,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9228,24 +9283,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9254,7 +9309,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9263,12 +9318,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9278,14 +9333,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9293,7 +9348,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9306,22 +9361,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9329,22 +9384,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9352,12 +9407,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9365,14 +9420,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9380,7 +9435,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9392,77 +9447,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648 sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651 sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9470,7 +9525,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9478,7 +9533,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9486,7 +9541,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9498,22 +9553,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9521,7 +9576,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9529,7 +9584,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9537,7 +9592,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9549,22 +9604,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9572,14 +9627,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9587,7 +9642,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9599,17 +9654,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9617,14 +9672,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9632,7 +9687,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using "
 "<quote>+service_name</quote>.  Since the default set is empty, it is not "
@@ -9643,19 +9698,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9663,7 +9718,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9675,39 +9730,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9715,12 +9770,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9733,57 +9788,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9791,17 +9846,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal "
 "task. The option expects 2 integers separated by a colon (':'). The first "
@@ -9811,12 +9866,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9827,19 +9882,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9849,12 +9904,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and "
 "example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -9862,7 +9917,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9877,7 +9932,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9886,7 +9941,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9894,7 +9949,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9904,15 +9959,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10423,7 +10478,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70 sss_ssh_knownhostsproxy.1.xml:78
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127 sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> "
 "<replaceable>DOMAIN</replaceable>"
@@ -12448,20 +12503,102 @@ msgid ""
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of "
+"<filename>sssd.conf</filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in "
+"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for details) or there is a "
+"certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> or "
+"<citerefentry><refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for details) and the certificate is "
+"valid SSSD will extract the public key from the certificate and convert it "
+"into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> "
+"<manvolnum>1</manvolnum></citerefentry> for details) it might be irritating "
+"that authentication is still working even if the related X.509 certificate "
+"on the Smartcard is already expired because neither <command>ssh</command> "
+"nor <command>sshd</command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain "
 "<replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is "
 "returned."
@@ -12666,26 +12803,62 @@ msgid ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+msgid "Default: /etc/passwd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+msgid "Default: /etc/group"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
-"</citerefentry> manual page for details on the configuration of an SSSD "
-"domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for details on the "
+"configuration of an SSSD domain.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13455,7 +13628,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14307,7 +14480,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the "
+"LDAP connection operation. Therefore, also the "
 "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value "
 "than <quote>dns_resolver_timeout</quote> which in turn should be set to a "
 "larger value than <quote>dns_resolver_op_timeout</quote>."
@@ -15159,6 +15332,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The "
+"well-known host/hostname@REALM principal is a Service Principal and thus "
+"cannot be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/sv.po b/src/man/po/sv.po
new file mode 100644
index 0000000..fef8ede
--- /dev/null
+++ b/src/man/po/sv.po
@@ -0,0 +1,15541 @@
+# Göran Uddeborg <goeran@uddeborg.se>, 2018. #zanata
+msgid ""
+msgstr ""
+"Project-Id-Version: sssd-docs 1.16.1\n"
+"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2018-06-07 08:25+0000\n"
+"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
+"Language-Team: Swedish\n"
+"Language: sv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Zanata 4.4.5\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#. type: Content of: <reference><title>
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5
+#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5
+#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5
+#: sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5
+#: sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
+#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
+msgid "SSSD Manual pages"
+msgstr "SSSD manualsidor"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
+msgid "sss_groupmod"
+msgstr "sss_groupmod"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11
+#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11
+#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11
+#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11
+#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11
+msgid "8"
+msgstr "8"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupmod.8.xml:16
+msgid "modify a group"
+msgstr "ändra en grupp"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupmod.8.xml:21
+msgid ""
+"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>flaggor</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUPP</replaceable></"
+"arg>"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:57
+#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21
+#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29
+#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30
+#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
+#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
+#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
+msgid "DESCRIPTION"
+msgstr "BESKRIVNING"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:32
+msgid ""
+"<command>sss_groupmod</command> modifies the group to reflect the changes "
+"that are specified on the command line."
+msgstr ""
+"<command>sss_groupmod</command> ändrar gruppen till att avspegla ändringarna "
+"som anges på kommandoraden."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
+#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
+#: sss_ssh_knownhostsproxy.1.xml:62
+msgid "OPTIONS"
+msgstr "FLAGGOR"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
+msgid ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GRUPPER</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:48
+msgid ""
+"Append this group to groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
+"a comma separated list of group names."
+msgstr ""
+"Lägg till denna grupp till grupperna som anges av parametern "
+"<replaceable>GRUPPER</replaceable> parameter.  Parametern "
+"<replaceable>GRUPPER</replaceable> är en kommaseparerad lista av gruppnamn."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
+msgid ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPPER</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:62
+msgid ""
+"Remove this group from groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter."
+msgstr ""
+"Ta bort denna grupp från grupperna som anges av parametern "
+"<replaceable>GRUPPER</replaceable>."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
+msgid "sssd.conf"
+msgstr "sssd.conf"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
+#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
+#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
+msgid "5"
+msgstr "5"
+
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
+#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
+#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
+msgid "File Formats and Conventions"
+msgstr "Filformat och konventioner"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.conf.5.xml:17
+msgid "the configuration file for SSSD"
+msgstr "konfigurationsfilen för SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:21
+msgid "FILE FORMAT"
+msgstr "FILFORMAT"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:29
+#, no-wrap
+msgid ""
+"<replaceable>[section]</replaceable>\n"
+"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+"            "
+msgstr ""
+"<replaceable>[sektion]</replaceable>\n"
+"<replaceable>nyckel</replaceable> = <replaceable>värde</replaceable>\n"
+"<replaceable>nyckel2</replaceable> = <replaceable>värde2,värde3</replaceable>\n"
+"            "
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:24
+msgid ""
+"The file has an ini-style syntax and consists of sections and parameters. A "
+"section begins with the name of the section in square brackets and continues "
+"until the next section begins. An example of section with single and multi-"
+"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"Filen har en syntax i ini-stil och består av sektioner och parametrar.  En "
+"sektion börjar med namnet på sektionen i hakparenteser och fortsätter tills "
+"nästa sektion börjar.  Ett exempel på en sektion med enkla och flervärda "
+"parametrar: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:36
+msgid ""
+"The data types used are string (no quotes needed), integer and bool (with "
+"values of <quote>TRUE/FALSE</quote>)."
+msgstr ""
+"Datatyperna som används är sträng (inga citationstecken behövs) , heltal och "
+"bool (med värdena <quote>TRUE/FALSE</quote>)."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:41
+#, fuzzy
+#| msgid ""
+#| "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+#| "(<quote>;</quote>).  Inline comments are not supported."
+msgid ""
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
+"(<quote>;</quote>).  Inline comments are not supported."
+msgstr ""
+"En radkommentar börjar med ett nummertecken (<quote>#</quote>) eller ett "
+"semikolon (<quote>;</quote>).  Kommentarer inom raden stödjs inte."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:47
+msgid ""
+"All sections can have an optional <replaceable>description</replaceable> "
+"parameter. Its function is only as a label for the section."
+msgstr ""
+"Alla sektioner kan valfritt ha en parameter <replaceable>description</"
+"replaceable>.  Dess funktion är endast som en etikett för sektionen."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:53
+msgid ""
+"<filename>sssd.conf</filename> must be a regular file, owned by root and "
+"only root may read from or write to the file."
+msgstr ""
+"<filename>sssd.conf</filename> måste vara en normal fil, ägd av root och "
+"endast root får läsa från eller skriva till filen."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:59
+msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
+msgstr "KONFIGURATIONSSNUTTAR FRÅN EN INCLUDE-KATALOG"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:62
+msgid ""
+"The configuration file <filename>sssd.conf</filename> will include "
+"configuration snippets using the include directory <filename>conf.d</"
+"filename>. This feature is available if SSSD was compiled with libini "
+"version 1.3.0 or later."
+msgstr ""
+"Konfigurationsfilen <filename>sssd.conf</filename> kommer inkludiera "
+"konfigurationssnuttar från include-katalogen <filename>conf.d</filename>.  "
+"Denna fuktion är tillgänglig om SSSD kompilerades med version 1.3.0 eller "
+"senare av libini."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:69
+msgid ""
+"Any file placed in <filename>conf.d</filename> that ends in "
+"<quote><filename>.conf</filename></quote> and does not begin with a dot "
+"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
+"to configure SSSD."
+msgstr ""
+"Filer lagda i <filename>conf.d</filename> som slutar med <quote><filename>."
+"conf</filename></quote> och inte börjar med en punkt (<quote>.</quote>) "
+"kommer användas tillsammans med <filename>sssd.conf</filename> för att "
+"konfigurera SSSD."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:77
+msgid ""
+"The configuration snippets from <filename>conf.d</filename> have higher "
+"priority than <filename>sssd.conf</filename> and will override "
+"<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
+"present in <filename>conf.d</filename>, then they are included in "
+"alphabetical order (based on locale).  Files included later have higher "
+"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
+"<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
+"(higher number means higher priority)."
+msgstr ""
+"Konfigurationssnuttarna från <filename>conf.d</filename> har högre prioritet "
+"än <filename>sssd.conf</filename> och kommer åsidosätta <filename>sssd.conf</"
+"filename> när konflikter uppstår.  Om flera snuttar finns i <filename>conf."
+"d</filename> inkluderas de i alfabetisk ordning (baserat på lokalen).  Filer "
+"som inkluderas senare har högre prioritet.  Numeriska prefix "
+"(<filename>01_snutt.conf</filename>, <filename>02_snutt.conf</filename> "
+"etc.) kan hjälpa till att visualisera prioriteten (högre tals betyder högre "
+"prioritet)."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:91
+msgid ""
+"The snippet files require the same owner and permissions as <filename>sssd."
+"conf</filename>. Which are by default root:root and 0600."
+msgstr ""
+"Snuttfilerna behöver samma ägare och rättigheter som <filename>sssd.conf</"
+"filename>.  Vilket som standard är root:root och 0600."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:98
+msgid "GENERAL OPTIONS"
+msgstr "ALLMÄNNA FLAGGOR"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:100
+msgid "Following options are usable in more than one configuration sections."
+msgstr "Följande flaggor är användbara i mer än en konfigurationssektion."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:104
+msgid "Options usable in all sections"
+msgstr "Flaggor användbara i alla sektioner"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:108
+msgid "debug_level (integer)"
+msgstr "debug_level (heltal)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:112
+msgid "debug (integer)"
+msgstr "debug (heltal)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:115
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+"SSSD 1.14 och senare inkluderar också aliaset <replaceable>debug</"
+"replaceable> för <replaceable>debug_level</replaceable> som en "
+"bekvämlighetsfiness.  Om båda anges kommer värdet "
+"på<replaceable>debug_level</replaceable> användas."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:125
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128
+msgid ""
+"Add a timestamp to the debug messages.  If journald is enabled for SSSD "
+"debug logging this option is ignored."
+msgstr ""
+"Lägg till en tidsstämpel till felsökningsmeddelanden.  Om journald är "
+"aktiverat för SSSD-felsökningsloggning igoreras denna flagga."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+msgid "Default: true"
+msgstr "Standard: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:138
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:141
+msgid ""
+"Add microseconds to the timestamp in debug messages.  If journald is enabled "
+"for SSSD debug logging this option is ignored."
+msgstr ""
+"Lägg till mikrosekunder till tidsstämpeln till felsökningsmeddelanden.  Om "
+"journald är aktiverat för SSSD-felsökningsloggning igoreras denna flagga."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
+#: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd-krb5.5.xml:471
+msgid "Default: false"
+msgstr "Standard: false"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2373
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:155
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:159
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:162
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests. Note "
+"that after three missed heartbeats the process will terminate itself."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
+#: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:179
+msgid "SPECIAL SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:182
+msgid "The [sssd] section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
+msgid "Section parameters"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:193
+msgid "config_file_version (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:196
+msgid ""
+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+"version 2."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:202
+msgid "services"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:205
+msgid ""
+"Comma separated list of services that are started when sssd itself starts.  "
+"<phrase condition=\"have_systemd\"> The services' list is optional on "
+"platforms where systemd is supported, as they will either be socket or D-Bus "
+"activated when needed.  </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:214
+msgid ""
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:222
+msgid ""
+"<phrase condition=\"have_systemd\"> By default, all services are disabled "
+"and the administrator must enable the ones allowed to be used by executing: "
+"\"systemctl enable sssd-@service@.socket\".  </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
+msgid "reconnection_retries (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
+msgid ""
+"Number of times services should attempt to reconnect in the event of a Data "
+"Provider crash or restart before they give up"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
+msgid "Default: 3"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:244
+msgid "domains"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:247
+msgid ""
+"A domain is a database containing user information. SSSD can use more "
+"domains at the same time, but at least one must be configured or SSSD won't "
+"start.  This parameter describes the list of domains in the order you want "
+"them to be queried.  A domain name should only consist of alphanumeric ASCII "
+"characters, dashes, dots and underscores."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
+msgid "re_expression (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:262
+msgid ""
+"Default regular expression that describes how to parse the string containing "
+"user name and domain into these components."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:267
+msgid ""
+"Each domain can have an individual regular expression configured. For some "
+"ID providers there are also default regular expressions. See DOMAIN SECTIONS "
+"for more info on these regular expressions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
+msgid "full_name_format (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
+msgid ""
+"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry>-compatible format that describes how to compose a "
+"fully qualified name from user name and domain name components."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
+msgid "%1$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
+msgid "user name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
+msgid "%2$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
+msgid "domain name as specified in the SSSD config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
+msgid "%3$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
+msgid ""
+"domain flat name. Mostly usable for Active Directory domains, both directly "
+"configured or discovered via IPA trusts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
+msgid ""
+"The following expansions are supported: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:316
+msgid ""
+"Each domain can have an individual format string configured.  see DOMAIN "
+"SECTIONS for more info on this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:322
+msgid "try_inotify (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:325
+msgid ""
+"SSSD monitors the state of resolv.conf to identify when it needs to update "
+"its internal DNS resolver. By default, we will attempt to use inotify for "
+"this, and will fall back to polling resolv.conf every five seconds if "
+"inotify cannot be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:333
+msgid ""
+"There are some limited situations where it is preferred that we should skip "
+"even trying to use inotify. In these rare cases, this option should be set "
+"to 'false'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:339
+msgid ""
+"Default: true on platforms where inotify is supported. False on other "
+"platforms."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:343
+msgid ""
+"Note: this option will have no effect on platforms where inotify is "
+"unavailable. On these platforms, polling will always be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:350
+msgid "krb5_rcache_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:353
+msgid ""
+"Directory on the filesystem where SSSD should store Kerberos replay cache "
+"files."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:357
+msgid ""
+"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
+"SSSD to let libkrb5 decide the appropriate location for the replay cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:363
+msgid ""
+"Default: Distribution-specific and specified at build-time. "
+"(__LIBKRB5_DEFAULTS__ if not configured)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:370
+msgid "user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:373
+msgid ""
+"The user to drop the privileges to where appropriate to avoid running as the "
+"root user.  <phrase condition=\"have_systemd\"> This option does not work "
+"when running socket-activated services, as the user set up to run the "
+"processes is set up during compilation time.  The way to override the "
+"systemd unit files is by creating the appropriate files in /etc/systemd/"
+"system/.  Keep in mind that any change in the socket user, group or "
+"permissions may result in a non-usable SSSD. The same may occur in case of "
+"changes of the user running the NSS responder.  </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:391
+msgid "Default: not set, process will run as root"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:396
+msgid "default_domain_suffix (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:399
+msgid ""
+"This string will be used as a default domain name for all names without a "
+"domain name component. The main use case is environments where the primary "
+"domain is intended for managing host policies and all users are located in a "
+"trusted domain.  The option allows those users to log in just with their "
+"user name without giving a domain name as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"Please note that if this option is set all users from the primary domain "
+"have to use their fully qualified name, e.g. user@domain.name, to log in. "
+"Setting this option changes default of use_fully_qualified_names to True. It "
+"is not allowed to use this option together with use_fully_qualified_names "
+"set to False."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
+#: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
+#: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
+#: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
+#: include/ldap_id_mapping.xml:216
+msgid "Default: not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:423
+msgid "override_space (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"This parameter will replace spaces (space bar)  with the given character for "
+"user and group names.  e.g. (_). User name &quot;john doe&quot; will be "
+"&quot;john_doe&quot; This feature was added to help compatibility with shell "
+"scripts that have difficulty handling spaces, due to the default field "
+"separator in the shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:435
+msgid ""
+"Please note it is a configuration error to use a replacement character that "
+"might be used in user or group names. If a name contains the replacement "
+"character SSSD tries to return the unmodified name but in general the result "
+"of a lookup is undefined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:443
+msgid "Default: not set (spaces will not be replaced)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:448
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:456
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:466
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:468
+msgid ""
+"Disables verification completely.  This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:474
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:476
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g.  http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:482
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:490
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:492
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses.  "
+"The certificate with the given nickname must be available in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:497
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:451
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:504
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:507
+msgid "Default: not set, i.e. do not restrict certificate verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:513
+msgid "disable_netlink (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:516
+msgid ""
+"SSSD hooks into the netlink interface to monitor changes to routes, "
+"addresses, links and trigger certain actions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:521
+msgid ""
+"The SSSD state changes caused by netlink events may be undesirable and can "
+"be disabled by setting this option to 'true'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:526
+msgid "Default: false (netlink changes are detected)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:531
+msgid "enable_files_domain (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:534
+msgid ""
+"When this option is enabled, SSSD prepends an implicit domain with "
+"<quote>id_provider=files</quote> before any explicitly configured domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:548
+msgid "domain_resolution_order"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:551
+msgid ""
+"Comma separated list of domains and subdomains representing the lookup order "
+"that will be followed.  The list doesn't have to include all possible "
+"domains as the missing domains will be looked up based on the order they're "
+"presented in the <quote>domains</quote> configuration option.  The "
+"subdomains which are not listed as part of <quote>lookup_order</quote> will "
+"be looked up in a random order for each parent domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
+msgid "Default: Not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:184
+msgid ""
+"Individual pieces of SSSD functionality are provided by special SSSD "
+"services that are started and stopped together with SSSD.  The services are "
+"managed by a special service frequently called <quote>monitor</quote>. The "
+"<quote>[sssd]</quote> section is used to configure the monitor as well as "
+"some other important options like the identity domains.  <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:599
+msgid "SERVICES SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:601
+msgid ""
+"Settings that can be used to configure different services are described in "
+"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
+"section, for example, for NSS service, the section would be <quote>[nss]</"
+"quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:608
+msgid "General service configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:610
+msgid "These options can be used to configure any service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:627
+msgid "fd_limit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:630
+msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:639
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:644
+msgid "client_idle_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:647
+msgid ""
+"This option specifies the number of seconds that a client of an SSSD process "
+"can hold onto a file descriptor without communicating on it. This value is "
+"limited in order to avoid resource exhaustion on the system. The timeout "
+"can't be shorter than 10 seconds. If a lower value is configured, it will be "
+"adjusted to 10 seconds."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
+msgid "Default: 60"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:661
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:664
+msgid ""
+"When SSSD switches to offline mode the amount of time before it tries to go "
+"back online will increase based upon the time spent disconnected.  This "
+"value is in seconds and calculated by the following:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:671
+msgid "offline_timeout + random_offset"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:674
+msgid ""
+"The random offset can increment up to 30 seconds.  After each unsuccessful "
+"attempt to go online, the new interval is recalculated by the following:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:679
+msgid "new_interval = old_interval*2 + random_offset"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:682
+msgid ""
+"Note that the maximum length of each interval is currently limited to one "
+"hour. If the calculated length of new_interval is greater than an hour, it "
+"will be forced to one hour."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:693
+msgid "responder_idle_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:696
+msgid ""
+"This option specifies the number of seconds that an SSSD responder process "
+"can be up without being used. This value is limited in order to avoid "
+"resource exhaustion on the system.  The minimum acceptable value for this "
+"option is 60 seconds.  Setting this option to 0 (zero) means that no timeout "
+"will be set up to the responder.  This option only has effect when SSSD is "
+"built with systemd support and when services are either socket or D-Bus "
+"activated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
+#: sssd-ldap.5.xml:722
+msgid "Default: 300"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:715
+msgid "cache_first"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:718
+msgid ""
+"This option specifies whether the responder should query all caches before "
+"querying the Data Providers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:730
+msgid "NSS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:732
+msgid ""
+"These options can be used to configure the Name Service Switch (NSS) service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:737
+msgid "enum_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:740
+msgid ""
+"How many seconds should nss_sss cache enumerations (requests for info about "
+"all users)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:744
+msgid "Default: 120"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:749
+msgid "entry_cache_nowait_percentage (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:752
+msgid ""
+"The entry cache can be set to automatically update entries in the background "
+"if they are requested beyond a percentage of the entry_cache_timeout value "
+"for the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:758
+msgid ""
+"For example, if the domain's entry_cache_timeout is set to 30s and "
+"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
+"after 15 seconds past the last cache update will be returned immediately, "
+"but the SSSD will go and update the cache on its own, so that future "
+"requests will not need to block waiting for a cache update."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:768
+msgid ""
+"Valid values for this option are 0-99 and represent a percentage of the "
+"entry_cache_timeout for each domain. For performance reasons, this "
+"percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
+"disables this feature)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
+msgid "Default: 50"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:781
+msgid "entry_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:784
+msgid ""
+"Specifies for how many seconds nss_sss should cache negative cache hits "
+"(that is, queries for invalid database entries, like nonexistent ones)  "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
+msgid "Default: 15"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:795
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:798
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+msgid "Default: 14400 (4 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:809
+msgid "filter_users, filter_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:812
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:819
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:827
+msgid "Default: root"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:832
+msgid "filter_users_in_groups (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:835
+msgid ""
+"If you want filtered user still be group members set this option to false."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:846
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:849
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:854
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:860
+#, no-wrap
+msgid ""
+"fallback_homedir = /home/%u\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
+#: sssd-krb5.5.xml:539 include/override_homedir.xml:59
+msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:864
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:870
+msgid "override_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:873
+msgid ""
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:879
+msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:885
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:888
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:891
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:895
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:900
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:905
+msgid "The wildcard (*) can be used to allow any shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:908
+msgid ""
+"The (*) is useful if you want to use shell_fallback in case that user's "
+"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
+"allowed shells in allowed_shells would be to much overhead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:915
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:918
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:922
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:927
+msgid "vetoed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:930
+msgid "Replace any instance of these shells with the shell_fallback"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:935
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:938
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:942
+msgid "Default: /bin/sh"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:947
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:950
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option can be specified globally in the [nss] section or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:956
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:975
+msgid "memcache_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:978
+msgid ""
+"Specifies time in seconds for which records in the in-memory cache will be "
+"valid. Setting this option to zero will disable the in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:986
+msgid ""
+"WARNING: Disabling the in-memory cache will have significant negative impact "
+"on SSSD's performance and should only be used for testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:992
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1003
+msgid ""
+"Some of the additional NSS responder requests can return more attributes "
+"than just the POSIX ones defined by the NSS interface. The list of "
+"attributes is controlled by this option. It is handled the same way as the "
+"<quote>user_attributes</quote> option of the InfoPipe responder (see "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for details) but with no default values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1016
+msgid ""
+"To make configuration more easy the NSS responder will check the InfoPipe "
+"option if it is not set for the NSS responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1021
+msgid "Default: not set, fallback to InfoPipe option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1026
+msgid "pwfield (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1029
+msgid ""
+"The value that NSS operations that return users or groups will return for "
+"the <quote>password</quote> field."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1037
+msgid ""
+"Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
+"domain)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1045
+msgid "PAM configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1047
+msgid ""
+"These options can be used to configure the Pluggable Authentication Module "
+"(PAM) service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1052
+msgid "offline_credentials_expiration (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1055
+msgid ""
+"If the authentication provider is offline, how long should we allow cached "
+"logins (in days since the last successful online login)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
+msgid "Default: 0 (No limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1066
+msgid "offline_failed_login_attempts (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1069
+msgid ""
+"If the authentication provider is offline, how many failed login attempts "
+"are allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1079
+msgid "offline_failed_login_delay (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1082
+msgid ""
+"The time in minutes which has to pass after offline_failed_login_attempts "
+"has been reached before a new login attempt is possible."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1087
+msgid ""
+"If set to 0 the user cannot authenticate offline if "
+"offline_failed_login_attempts has been reached. Only a successful online "
+"authentication can enable offline authentication again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
+msgid "Default: 5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1099
+msgid "pam_verbosity (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1102
+msgid ""
+"Controls what kind of messages are shown to the user during authentication. "
+"The higher the number to more messages are displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1107
+msgid "Currently sssd supports the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1110
+msgid "<emphasis>0</emphasis>: do not show any message"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "<emphasis>1</emphasis>: show only important messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1117
+msgid "<emphasis>2</emphasis>: show informational messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1120
+msgid "<emphasis>3</emphasis>: show all messages and debug information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
+msgid "Default: 1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1130
+msgid "pam_response_filter (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1133
+msgid ""
+"A comma separated list of strings which allows to remove (filter) data sent "
+"by the PAM responder to pam_sss PAM module. There are different kind of "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
+"variables which should be set by pam_sss."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1141
+msgid ""
+"While messages already can be controlled with the help of the pam_verbosity "
+"option this option allows to filter out other kind of responses as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1148
+msgid "ENV"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1149
+msgid "Do not send any environment variables to any service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1152
+msgid "ENV:var_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1153
+msgid "Do not send environment variable var_name to any service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1157
+msgid "ENV:var_name:service"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1158
+msgid "Do not send environment variable var_name to service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1146
+msgid ""
+"Currently the following filters are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1168
+msgid "Example: ENV:KRB5CCNAME:sudo-i"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1174
+msgid "pam_id_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1177
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1183
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a per-"
+"client-application basis) how long (in seconds) we can cache the identity "
+"information to avoid excessive round-trips to the identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1197
+msgid "pam_pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
+msgid "Display a warning N days before the password expires."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1203
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password.  If this information is missing, sssd "
+"cannot display a warning."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1214
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1236
+msgid "pam_trusted_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1239
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to run PAM conversations against trusted domains.  Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1249
+msgid "Default: All users are considered trusted by default"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1253
+msgid ""
+"Please note that UID 0 is always allowed to access the PAM responder even in "
+"case it is not in the pam_trusted_users list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1260
+msgid "pam_public_domains (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1263
+msgid ""
+"Specifies the comma-separated list of domain names that are accessible even "
+"to untrusted users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1267
+msgid "Two special values for pam_public_domains option are defined:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1271
+msgid ""
+"all (Untrusted users are allowed to access all domains in PAM responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1275
+msgid ""
+"none (Untrusted users are not allowed to access any domains PAM in "
+"responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1284
+msgid "pam_account_expired_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1287
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1292
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbosity is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1300
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1309
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1312
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1319
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1328
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1331
+msgid ""
+"Enable certificate based Smartcard authentication.  Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1342
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1345
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default:"
+msgstr "Standard: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1369
+msgid "p11_child_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1372
+msgid "How many seconds will pam_sss wait for p11_child to finish."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1381
+msgid "pam_app_services (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1384
+msgid ""
+"Which PAM services are permitted to contact domains of type "
+"<quote>application</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1397
+msgid "SUDO configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1399
+msgid ""
+"These options can be used to configure the sudo service.  The detailed "
+"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
+"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1416
+msgid "sudo_timed (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1419
+msgid ""
+"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
+"that implement time-dependent sudoers entries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1431
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1434
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1453
+msgid "AUTOFS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1455
+msgid "These options can be used to configure the autofs service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1459
+msgid "autofs_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1462
+msgid ""
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1478
+msgid "SSH configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1480
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1484
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1487
+msgid ""
+"Whether or not to hash host names and addresses in the managed known_hosts "
+"file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1496
+msgid "ssh_known_hosts_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1499
+msgid ""
+"How many seconds to keep a host in the managed known_hosts file after its "
+"host keys were requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1503
+msgid "Default: 180"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1511
+msgid ""
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1557
+msgid "PAC responder configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1559
+msgid ""
+"The PAC responder works together with the authorization data plugin for MIT "
+"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
+"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
+"provider collects domain SID and ID ranges of the domain the client is "
+"joined to and of remote trusted domains from the local domain controller. If "
+"the PAC is decoded and evaluated some of the following operations are done:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1568
+msgid ""
+"If the remote user does not exist in the cache, it is created. The UID is "
+"determined with the help of the SID, trusted domains will have UPGs and the "
+"GID will have the same value as the UID. The home directory is set based on "
+"the subdomain_homedir parameter. The shell will be empty by default, i.e. "
+"the system defaults are used, but can be overwritten with the default_shell "
+"parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1576
+msgid ""
+"If there are SIDs of groups from domains sssd knows about, the user will be "
+"added to those groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure the PAC responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
+msgid "allowed_uids (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the PAC responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1595
+msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1599
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the PAC responder, which would be the typical case, you have to add 0 "
+"to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1608
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1611
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1624
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1626
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1639
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
+msgid "Default: \"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:1725
+msgid "DOMAIN SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1732
+msgid "domain_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1735
+msgid ""
+"Specifies whether the domain is meant to be used by POSIX-aware clients such "
+"as the Name Service Switch or by applications that do not need POSIX data to "
+"be present or generated. Only objects from POSIX domains are available to "
+"the operating system interfaces and utilities."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1743
+msgid ""
+"Allowed values for this option are <quote>posix</quote> and "
+"<quote>application</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1747
+msgid ""
+"POSIX domains are reachable by all services. Application domains are only "
+"reachable from the InfoPipe responder (see <citerefentry> "
+"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>) and the PAM responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1755
+msgid ""
+"NOTE: The application domains are currently well tested with "
+"<quote>id_provider=ldap</quote> only."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1759
+msgid ""
+"For an easy way to configure a non-POSIX domains, please see the "
+"<quote>Application domains</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1763
+msgid "Default: posix"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1769
+msgid "min_id,max_id (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1772
+msgid ""
+"UID and GID limits for the domain. If a domain contains an entry that is "
+"outside these limits, it is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1777
+msgid ""
+"For users, this affects the primary GID limit. The user will not be returned "
+"to NSS if either the UID or the primary GID is outside the range. For non-"
+"primary group memberships, those that are in range will be reported as "
+"expected."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1784
+msgid ""
+"These ID limits affect even saving entries to cache, not only returning them "
+"by name or ID."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1788
+msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1794
+msgid "enumerate (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1797
+msgid ""
+"Determines if a domain can be enumerated, that is, whether the domain can "
+"list all the users and group it contains. Note that it is not required to "
+"enable enumeration in order for secondary groups to be displayed. This "
+"parameter can have one of the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1805
+msgid "TRUE = Users and groups are enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1808
+msgid "FALSE = No enumerations for this domain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
+msgid "Default: FALSE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1814
+msgid ""
+"Enumerating a domain requires SSSD to download and store ALL user and group "
+"entries from the remote server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1819
+msgid ""
+"Note: Enabling enumeration has a moderate performance impact on SSSD while "
+"enumeration is running. It may take up to several minutes after SSSD startup "
+"to fully complete enumerations.  During this time, individual requests for "
+"information will go directly to LDAP, though it may be slow, due to the "
+"heavy enumeration processing. Saving a large number of entries to cache "
+"after the enumeration completes might also be CPU intensive as the "
+"memberships have to be recomputed. This can lead to the <quote>sssd_be</"
+"quote> process becoming unresponsive or even restarted by the internal "
+"watchdog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1834
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1839
+msgid ""
+"Further, enabling enumeration may increase the time necessary to detect "
+"network disconnection, as longer timeouts are required to ensure that "
+"enumeration lookups are completed successfully.  For more information, refer "
+"to the man pages for the specific id_provider in use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1847
+msgid ""
+"For the reasons cited above, enabling enumeration is not recommended, "
+"especially in large environments."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1855
+msgid "subdomain_enumerate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1862
+msgid "all"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1863
+msgid "All discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1866
+msgid "none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1867
+msgid "No discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1858
+msgid ""
+"Whether any of autodetected trusted domains should be enumerated. The "
+"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
+"Optionally, a list of one or more domain names can enable enumeration just "
+"for these trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1881
+msgid "entry_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1884
+msgid ""
+"How many seconds should nss_sss consider entries valid before asking the "
+"backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1888
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries.  You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1901
+msgid "Default: 5400"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1907
+msgid "entry_cache_user_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1910
+msgid ""
+"How many seconds should nss_sss consider user entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
+msgid "Default: entry_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1920
+msgid "entry_cache_group_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1923
+msgid ""
+"How many seconds should nss_sss consider group entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1933
+msgid "entry_cache_netgroup_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1936
+msgid ""
+"How many seconds should nss_sss consider netgroup entries valid before "
+"asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1946
+msgid "entry_cache_service_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1949
+msgid ""
+"How many seconds should nss_sss consider service entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1959
+msgid "entry_cache_sudo_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1962
+msgid ""
+"How many seconds should sudo consider rules valid before asking the backend "
+"again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1972
+msgid "entry_cache_autofs_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1975
+msgid ""
+"How many seconds should the autofs service consider automounter maps valid "
+"before asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1986
+msgid "entry_cache_ssh_host_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1989
+msgid ""
+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
+"the host key for."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2000
+msgid "refresh_expired_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2003
+msgid ""
+"Specifies how many seconds SSSD has to wait before triggering a background "
+"refresh task which will refresh all expired or nearly expired records."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2008
+msgid ""
+"The background refresh will process users, groups and netgroups in the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2012
+msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+msgid "Default: 0 (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2022
+msgid "cache_credentials (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2025
+msgid "Determines if user credentials are also cached in the local LDB cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2029
+msgid "User credentials are stored in a SHA512 hash, not in plaintext"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2039
+msgid "cache_credentials_minimal_first_factor_length (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2042
+msgid ""
+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
+"this value determines the minimal length the first authentication factor "
+"(long term password) must have to be saved as SHA512 hash into the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2049
+msgid ""
+"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
+"the cache which would make them easy targets for brute-force attacks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2054
+msgid "Default: 8"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2060
+msgid "account_cache_expiration (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2063
+msgid ""
+"Number of days entries are left in cache after last successful login before "
+"being removed during a cleanup of the cache. 0 means keep forever.  The "
+"value of this parameter must be greater than or equal to "
+"offline_credentials_expiration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
+msgid "Default: 0 (unlimited)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2075
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2086
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password.  If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2093
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2099
+msgid "id_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2102
+msgid ""
+"The identification provider used for the domain.  Supported ID providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
+msgid ""
+"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
+msgid ""
+"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
+"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"FreeIPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
+msgid ""
+"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Active Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2149
+msgid "use_fully_qualified_names (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2152
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2157
+msgid ""
+"If set to TRUE, all requests to this domain must use fully qualified names. "
+"For example, if used in LOCAL domain that contains a \"test\" user, "
+"<command>getent passwd test</command> wouldn't find the user while "
+"<command>getent passwd test@LOCAL</command> would."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2165
+msgid ""
+"NOTE: This option has no effect on netgroup lookups due to their tendency to "
+"include nested netgroups without qualified names. For netgroups, all domains "
+"will be searched when an unqualified name is requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2172
+msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2178
+msgid "ignore_group_members (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2181
+msgid "Do not return group members for group lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2184
+msgid ""
+"If set to TRUE, the group membership attribute is not requested from the "
+"ldap server, and group members are not returned when processing group lookup "
+"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
+"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
+"citerefentry>.  As an effect, <quote>getent group $groupname</quote> would "
+"return the requested group as if it was empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2202
+msgid ""
+"Enabling this option can also make access provider checks for group "
+"membership significantly faster, especially for groups containing many "
+"members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2213
+msgid "auth_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2216
+msgid ""
+"The authentication provider used for the domain.  Supported auth providers "
+"are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
+msgid ""
+"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2227
+msgid ""
+"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2251
+msgid ""
+"<quote>proxy</quote> for relaying authentication to some other PAM target."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
+msgid "<quote>none</quote> disables authentication explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2261
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"authentication requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2267
+msgid "access_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2270
+msgid ""
+"The access control provider used for the domain.  There are two built-in "
+"access providers (in addition to any included in installed backends)  "
+"Internal special providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2276
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2279
+msgid "<quote>deny</quote> always deny access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2306
+msgid ""
+"<quote>simple</quote> access control based on access or deny lists. See "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for more information on configuring the simple "
+"access module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2313
+msgid ""
+"<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "Default: <quote>permit</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2328
+msgid "chpass_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2331
+msgid ""
+"The provider which should handle change password operations for the domain.  "
+"Supported change password providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid ""
+"<quote>ldap</quote> to change a password stored in a LDAP server. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2344
+msgid ""
+"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2369
+msgid ""
+"<quote>proxy</quote> for relaying password changes to some other PAM target."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2373
+msgid "<quote>none</quote> disallows password changes explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2376
+msgid ""
+"Default: <quote>auth_provider</quote> is used if it is set and can handle "
+"change password requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2383
+msgid "sudo_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2386
+msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2390
+msgid ""
+"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2398
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2402
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2406
+msgid "<quote>none</quote> disables SUDO explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
+msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2413
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>.  There are many configuration "
+"options that can be used to adjust the behavior. Please refer to "
+"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2428
+msgid ""
+"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
+"background unless the sudo provider is explicitly disabled. Set "
+"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
+"activity in SSSD if you do not want to use sudo with SSSD at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2438
+msgid "selinux_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2441
+msgid ""
+"The provider which should handle loading of selinux settings. Note that this "
+"provider will be called right after access provider ends.  Supported selinux "
+"providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2447
+msgid ""
+"<quote>ipa</quote> to load selinux settings from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2455
+msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2458
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"selinux loading requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2464
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2467
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider.  Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2473
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2482
+msgid ""
+"<quote>ad</quote> to load a list of subdomains from an Active Directory "
+"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2491
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2501
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2504
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2511
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2515
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2519
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2523
+msgid ""
+"<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
+"SSSD must be running as \"root\" and not as the unprivileged user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2531
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2534
+msgid ""
+"The autofs provider used for the domain.  Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2538
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2545
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2553
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2562
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2572
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2575
+msgid ""
+"The provider used for retrieving host identity information.  Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2579
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2587
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2600
+msgid ""
+"Regular expression for this domain that describes how to parse the string "
+"containing user name and domain into these components.  The \"domain\" can "
+"match either the SSSD configuration domain name, or, in the case of IPA "
+"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
+"the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2609
+msgid ""
+"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
+"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
+"P&lt;name&gt;[^@\\\\]+)$))</quote> which allows three different styles for "
+"user names:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2614
+msgid "username"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2617
+msgid "username@domain.name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2620
+msgid "domain\\username"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2623
+msgid ""
+"While the first two correspond to the general default the third one is "
+"introduced to allow easy integration of users from Windows domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2628
+msgid ""
+"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"which translates to \"the name is everything up to the <quote>@</quote> "
+"sign, the domain everything after that\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2634
+msgid ""
+"PLEASE NOTE: the support for non-unique named subpatterns is not available "
+"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
+"version 7 or higher can support non-unique named subpatterns."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2641
+msgid ""
+"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
+"P&lt;name&gt;) to label subpatterns."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2688
+msgid "Default: <quote>%1$s@%2$s</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2694
+msgid "lookup_family_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2697
+msgid ""
+"Provides the ability to select preferred address family to use when "
+"performing DNS lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2701
+msgid "Supported values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2704
+msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2707
+msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2710
+msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2713
+msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2716
+msgid "Default: ipv4_first"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2722
+msgid "dns_resolver_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2725
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2732
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
+msgid "Default: 6"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2743
+msgid "dns_discovery_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2746
+msgid ""
+"If service discovery is used in the back end, specifies the domain part of "
+"the service discovery DNS query."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2750
+msgid "Default: Use the domain part of machine's hostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2756
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2759
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2765
+msgid "case_sensitive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2773
+msgid "True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2776
+msgid "Case sensitive. This value is invalid for AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2782
+msgid "False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2784
+msgid "Case insensitive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2788
+msgid "Preserving"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2791
+msgid ""
+"Same as False (case insensitive), but does not lowercase names in the result "
+"of NSS operations. Note that name aliases (and in case of services also "
+"protocol names) are still lowercased in the output."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2768
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider. Possible option values are: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2803
+msgid "Default: True (False for AD provider)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2809
+msgid "subdomain_inherit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2812
+msgid ""
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited.  "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2818
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2821
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2827
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2830
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2836
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2843
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2850
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2861
+msgid "%F"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2862
+msgid "flat (NetBIOS) name of a subdomain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2853
+msgid ""
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>.  <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2867
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2871
+msgid "Default: <filename>/home/%d/%u</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2876
+msgid "realmd_tags (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2879
+msgid ""
+"Various tags stored by the realmd configuration service for this domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2885
+msgid "cached_auth_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2888
+msgid ""
+"Specifies time in seconds since last successful online authentication for "
+"which user will be authenticated using cached credentials while SSSD is in "
+"the online mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2894
+msgid "Special value 0 implies that this feature is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2898
+msgid ""
+"Please note that if <quote>cached_auth_timeout</quote> is longer than "
+"<quote>pam_id_timeout</quote> then the back end could be called to handle "
+"<quote>initgroups.</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2909
+msgid "auto_private_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2912
+msgid ""
+"If this option is enabled, SSSD will automatically create user private "
+"groups based on user's UID number. The GID number is ignored in this case."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2917
+msgid ""
+"For POSIX subdomains, setting the option in the main domain is inherited in "
+"the subdomain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2921
+msgid ""
+"For ID-mapping subdomains, auto_private_groups is already enabled for the "
+"subdomains and setting it to false will not have any effect for the "
+"subdomain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2926
+msgid ""
+"NOTE: Because the GID number and the user private group are inferred from "
+"the UID number, it is not supported to have multiple entries with the same "
+"UID or GID number with this option. In other words, enabling this option "
+"enforces uniqueness across the ID space."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1727
+msgid ""
+"These configuration options can be present in a domain configuration "
+"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
+"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2945
+msgid "proxy_pam_target (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2948
+msgid "The proxy target PAM proxies to."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2951
+msgid ""
+"Default: not set by default, you have to take an existing pam configuration "
+"or create a new one and add the service name here."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2959
+msgid "proxy_lib_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2962
+msgid ""
+"The name of the NSS library to use in proxy domains. The NSS functions "
+"searched for in the library are in the form of _nss_$(libName)_$(function), "
+"for example _nss_files_getpwent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2972
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2975
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2989
+msgid "proxy_max_children (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2992
+msgid ""
+"This option specifies the number of pre-forked proxy children. It is useful "
+"for high-load SSSD environments where sssd may run out of available child "
+"slots, which would cause some issues due to the requests being queued."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:2941
+msgid ""
+"Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:3008
+msgid "Application domains"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:3010
+msgid ""
+"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
+"applications as a gateway to an LDAP directory where users and groups are "
+"stored. However, contrary to the traditional SSSD deployment where all users "
+"and groups either have POSIX attributes or those attributes can be inferred "
+"from the Windows SIDs, in many cases the users and groups in the application "
+"support scenario have no POSIX attributes.  Instead of setting a "
+"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
+"administrator can set up an <quote>[application/<replaceable>NAME</"
+"replaceable>]</quote> section that internally represents a domain with type "
+"<quote>application</quote> optionally inherits settings from a tradition "
+"SSSD domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:3030
+msgid ""
+"Please note that the application domain must still be explicitly enabled in "
+"the <quote>domains</quote> parameter so that the lookup order between the "
+"application domain and its POSIX sibling domain is set correctly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:3036
+msgid "Application domain parameters"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3038
+msgid "inherit_from (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3041
+msgid ""
+"The SSSD POSIX-type domain the application domain inherits all settings "
+"from. The application domain can moreover add its own settings to the "
+"application settings that augment or override the <quote>sibling</quote> "
+"domain settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:3055
+msgid ""
+"The following example illustrates the use of an application domain. In this "
+"setup, the POSIX domain is connected to an LDAP server and is used by the OS "
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
+#: sssd.conf.5.xml:3063
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = appdom, posixdom\n"
+"\n"
+"[ifp]\n"
+"user_attributes = +phone\n"
+"\n"
+"[domain/posixdom]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"[application/appdom]\n"
+"inherit_from = posixdom\n"
+"ldap_user_extra_attrs = phone:telephoneNumber\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:3081
+msgid "The local domain section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:3083
+msgid ""
+"This section contains settings for domain that stores users and groups in "
+"SSSD native database, that is, a domain that uses "
+"<replaceable>id_provider=local</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3090
+msgid "default_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3093
+msgid "The default shell for users created with SSSD userspace tools."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3097
+msgid "Default: <filename>/bin/bash</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3102
+msgid "base_directory (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3105
+msgid ""
+"The tools append the login name to <replaceable>base_directory</replaceable> "
+"and use that as the home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3110
+msgid "Default: <filename>/home</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3115
+msgid "create_homedir (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3118
+msgid ""
+"Indicate if a home directory should be created by default for new users.  "
+"Can be overridden on command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
+msgid "Default: TRUE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3127
+msgid "remove_homedir (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3130
+msgid ""
+"Indicate if a home directory should be removed by default for deleted "
+"users.  Can be overridden on command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3139
+msgid "homedir_umask (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3142
+msgid ""
+"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
+"on a newly created home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3150
+msgid "Default: 077"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3155
+msgid "skel_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3158
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in "
+"the user's home directory, when the home directory is created by "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3168
+msgid "Default: <filename>/etc/skel</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3173
+msgid "mail_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3176
+msgid ""
+"The mail spool directory. This is needed to manipulate the mailbox when its "
+"corresponding user account is modified or deleted.  If not specified, a "
+"default value is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3183
+msgid "Default: <filename>/var/mail</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3188
+msgid "userdel_cmd (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3191
+msgid ""
+"The command that is run after a user is removed.  The command us passed the "
+"username of the user being removed as the first and only parameter. The "
+"return code of the command is not taken into account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3197
+msgid "Default: None, no command is run"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:3207
+msgid "TRUSTED DOMAIN SECTION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3209
+msgid ""
+"Some options used in the domain section can also be used in the trusted "
+"domain section, that is, in a section called <quote>[domain/"
+"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3216
+msgid "ldap_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3217
+msgid "ldap_user_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3218
+msgid "ldap_group_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3219
+msgid "ldap_netgroup_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3220
+msgid "ldap_service_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3221
+msgid "ad_server,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3222
+msgid "ad_backup_server,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3223
+msgid "ad_site,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3224
+msgid "use_fully_qualified_names"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3226
+msgid ""
+"For more details about these options see their individual description in the "
+"manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3238
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3234
+msgid ""
+"1. The following example shows a typical SSSD config. It does not describe "
+"configuration of the domains themselves - refer to documentation on "
+"configuring domains for more details.  <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3271
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3265
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
+msgid "sssd-ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:23
+msgid ""
+"This manual page describes the configuration of LDAP domains for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for detailed syntax information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:35
+msgid "You can configure SSSD to use more than one LDAP domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:38
+msgid ""
+"LDAP back end supports id, auth, access and chpass providers. If you want to "
+"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
+"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
+"over an unencrypted channel.  If the LDAP server is used only as an identity "
+"provider, an encrypted channel is not needed. Please refer to "
+"<quote>ldap_access_filter</quote> config option for more information about "
+"using LDAP as an access provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
+msgid "CONFIGURATION OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:60
+msgid "ldap_uri, ldap_backup_uri (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:63
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference. Refer to the <quote>FAILOVER</"
+"quote> section for more information on failover and server redundancy.  If "
+"neither option is specified, service discovery is enabled. For more "
+"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
+msgid "The format of the URI must match the format defined in RFC 2732:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:73
+msgid "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:76
+msgid ""
+"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:79
+msgid "example: ldap://[fc00::126:25]:389"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:85
+msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:88
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference to change the password of a user. "
+"Refer to the <quote>FAILOVER</quote> section for more information on "
+"failover and server redundancy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:95
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:99
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:105
+msgid "ldap_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:108
+msgid "The default base DN to use for performing LDAP user operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:112
+msgid ""
+"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
+"syntax:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:116
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:119
+msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
+msgid ""
+"The filter must be a valid LDAP search filter as specified by http://www."
+"ietf.org/rfc/rfc2254.txt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
+#: sss_override.8.xml:137 sss_override.8.xml:234
+msgid "Examples:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:129
+msgid ""
+"ldap_search_base = dc=example,dc=com (which is equivalent to)  "
+"ldap_search_base = dc=example,dc=com?subtree?"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:134
+msgid ""
+"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
+"(host=thishost)?dc=example.com?subtree?"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:137
+msgid ""
+"Note: It is unsupported to have multiple search bases which reference "
+"identically-named objects (for example, groups with the same name in two "
+"different search bases). This will lead to unpredictable behavior on client "
+"machines."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:144
+msgid ""
+"Default: If not set, the value of the defaultNamingContext or namingContexts "
+"attribute from the RootDSE of the LDAP server is used. If "
+"defaultNamingContext does not exist or has an empty value namingContexts is "
+"used.  The namingContexts attribute must have a single value with the DN of "
+"the search base of the LDAP server to make this work. Multiple values are "
+"are not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:158
+msgid "ldap_schema (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:161
+msgid ""
+"Specifies the Schema Type in use on the target LDAP server.  Depending on "
+"the selected schema, the default attribute names retrieved from the servers "
+"may vary.  The way that some attributes are handled may also differ."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:168
+msgid "Four schema types are currently supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:172
+msgid "rfc2307"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:177
+msgid "rfc2307bis"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:182
+msgid "IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:187
+msgid "AD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:193
+msgid ""
+"The main difference between these schema types is how group memberships are "
+"recorded in the server.  With rfc2307, group members are listed by name in "
+"the <emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, "
+"group members are listed by DN and stored in the <emphasis>member</emphasis> "
+"attribute.  The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:203
+msgid "Default: rfc2307"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:209
+msgid "ldap_default_bind_dn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:212
+msgid "The default bind DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:219
+msgid "ldap_default_authtok_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:222
+msgid "The type of the authentication token of the default bind DN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:226
+msgid "The two mechanisms currently supported are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:229
+msgid "password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:232
+msgid "obfuscated_password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:235
+msgid "Default: password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:241
+msgid "ldap_default_authtok (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:244
+msgid ""
+"The authentication token of the default bind DN.  Only clear text passwords "
+"are currently supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:251
+msgid "ldap_user_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:254
+msgid "The object class of a user entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:257
+msgid "Default: posixAccount"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:263
+msgid "ldap_user_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:266
+msgid "The LDAP attribute that corresponds to the user's login name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:270
+msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:277
+msgid "ldap_user_uid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:280
+msgid "The LDAP attribute that corresponds to the user's id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:284
+msgid "Default: uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:290
+msgid "ldap_user_gid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:293
+msgid "The LDAP attribute that corresponds to the user's primary group id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:929
+msgid "Default: gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:303
+msgid "ldap_user_primary_group (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:306
+msgid ""
+"Active Directory primary group attribute for ID-mapping. Note that this "
+"attribute should only be set manually if you are running the <quote>ldap</"
+"quote> provider with ID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:312
+msgid "Default: unset (LDAP), primaryGroupID (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:318
+msgid "ldap_user_gecos (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:321
+msgid "The LDAP attribute that corresponds to the user's gecos field."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:325
+msgid "Default: gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:331
+msgid "ldap_user_home_directory (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:334
+msgid "The LDAP attribute that contains the name of the user's home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:338
+msgid "Default: homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:344
+msgid "ldap_user_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:347
+msgid "The LDAP attribute that contains the path to the user's default shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:351
+msgid "Default: loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:357
+msgid "ldap_user_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:360
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:955
+msgid ""
+"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
+"IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:371
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:374
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:970
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:386
+msgid "ldap_user_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:980 sssd-ldap.5.xml:1203
+msgid ""
+"The LDAP attribute that contains timestamp of the last modification of the "
+"parent object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:984 sssd-ldap.5.xml:1210
+msgid "Default: modifyTimestamp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:399
+msgid "ldap_user_shadow_last_change (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:402
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
+"the last password change)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:412
+msgid "Default: shadowLastChange"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:418
+msgid "ldap_user_shadow_min (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:421
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
+"password age)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:430
+msgid "Default: shadowMin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:436
+msgid "ldap_user_shadow_max (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:439
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
+"password age)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:448
+msgid "Default: shadowMax"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:454
+msgid "ldap_user_shadow_warning (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:457
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password warning period)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:467
+msgid "Default: shadowWarning"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:473
+msgid "ldap_user_shadow_inactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:476
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password inactivity period)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:486
+msgid "Default: shadowInactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:492
+msgid "ldap_user_shadow_expire (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:495
+msgid ""
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
+"parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> counterpart (account expiration date)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:505
+msgid "Default: shadowExpire"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:511
+msgid "ldap_user_krb_last_pwd_change (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:514
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time of last password change in "
+"kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:520
+msgid "Default: krbLastPwdChange"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:526
+msgid "ldap_user_krb_password_expiration (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:529
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time when current password expires."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:535
+msgid "Default: krbPasswordExpiration"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:541
+msgid "ldap_user_ad_account_expires (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:544
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the expiration time of the account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:549
+msgid "Default: accountExpires"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:555
+msgid "ldap_user_ad_user_account_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:558
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the user account control bit field."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:563
+msgid "Default: userAccountControl"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:569
+msgid "ldap_ns_account_lock (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:572
+msgid ""
+"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
+"determines if access is allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:577
+msgid "Default: nsAccountLock"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:583
+msgid "ldap_user_nds_login_disabled (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:586
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines if "
+"access is allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:590 sssd-ldap.5.xml:604
+msgid "Default: loginDisabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:596
+msgid "ldap_user_nds_login_expiration_time (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:599
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines until "
+"which date access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:610
+msgid "ldap_user_nds_login_allowed_time_map (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:613
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines the "
+"hours of a day in a week when access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:618
+msgid "Default: loginAllowedTimeMap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:624
+msgid "ldap_user_principal (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:627
+msgid ""
+"The LDAP attribute that contains the user's Kerberos User Principal Name "
+"(UPN)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:631
+msgid "Default: krbPrincipalName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:637
+msgid "ldap_user_extra_attrs (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:640
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:645
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim.  Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:665
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:668
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:672
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:675
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:685
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:688
+msgid "The LDAP attribute that contains the user's SSH public keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1306
+msgid "Default: sshPublicKey"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:698
+msgid "ldap_force_upper_case_realm (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:701
+msgid ""
+"Some directory servers, for example Active Directory, might deliver the "
+"realm part of the UPN in lower case, which might cause the authentication to "
+"fail. Set this option to a non-zero value if you want to use an upper-case "
+"realm."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:714
+msgid "ldap_enumeration_refresh_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:717
+msgid ""
+"Specifies how many seconds SSSD has to wait before refreshing its cache of "
+"enumerated records."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:728
+msgid "ldap_purge_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:731
+msgid ""
+"Determine how often to check the cache for inactive entries (such as groups "
+"with no members and users who have never logged in) and remove them to save "
+"space."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:737
+msgid ""
+"Setting this option to zero will disable the cache cleanup operation. Please "
+"note that if enumeration is enabled, the cleanup task is required in order "
+"to detect entries removed from the server and can't be disabled. By default, "
+"the cleanup task will run every 3 hours with enumeration enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:752
+msgid "ldap_user_fullname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:755
+msgid "The LDAP attribute that corresponds to the user's full name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1235
+#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:2394 sssd-ipa.5.xml:607
+msgid "Default: cn"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:765
+msgid "ldap_user_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:768
+msgid "The LDAP attribute that lists the user's group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:772 sssd-ldap.5.xml:1274
+msgid "Default: memberOf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:778
+msgid "ldap_user_authorized_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:781
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry "
+"to determine access privilege."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:788
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>authorized_service</quote> in order for the "
+"ldap_user_authorized_service option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:800
+msgid "Default: authorizedService"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:806
+msgid "ldap_user_authorized_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:809
+msgid ""
+"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+"presence of the host attribute in the user's LDAP entry to determine access "
+"privilege."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:815
+msgid ""
+"An explicit deny (!host) is resolved first. Second, SSSD searches for "
+"explicit allow (host) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:820
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>host</quote> in order for the "
+"ldap_user_authorized_host option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:827
+msgid "Default: host"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:833
+msgid "ldap_user_authorized_rhost (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+msgid "Default: rhost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
+msgid "ldap_user_email (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:877
+msgid "Name of the LDAP attribute containing the email address of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:881
+msgid ""
+"Note: If an email address of a user conflicts with an email address or fully "
+"qualified name of another user, then SSSD will not be able to serve those "
+"users properly. If for some reason several users need to share the same "
+"email address then set this option to a nonexistent attribute name in order "
+"to disable user lookup/login by email."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:890
+msgid "Default: mail"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:896
+msgid "ldap_group_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:899
+msgid "The object class of a group entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:902
+msgid "Default: posixGroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:908
+msgid "ldap_group_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:911
+msgid "The LDAP attribute that corresponds to the group name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:915
+msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:922
+msgid "ldap_group_gid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:925
+msgid "The LDAP attribute that corresponds to the group's id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:935
+msgid "ldap_group_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:938
+msgid "The LDAP attribute that contains the names of the group's members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:942
+msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:948
+msgid "ldap_group_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:951
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:962
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:965
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:977
+msgid "ldap_group_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:990
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:993
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:998
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1004
+msgid "Default: groupType in the AD provider, otherwise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1011
+msgid "ldap_group_external_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1014
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1027
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1030
+msgid ""
+"If ldap_schema is set to a schema format that supports nested groups (e.g. "
+"RFC2307bis), then this option controls how many levels of nesting SSSD will "
+"follow. This option has no effect on the RFC2307 schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1037
+msgid ""
+"Note: This option specifies the guaranteed level of nested groups to be "
+"processed for any lookup. However, nested groups beyond this limit "
+"<emphasis>may be</emphasis> returned if previous lookups already resolved "
+"the deeper nesting levels.  Also, subsequent lookups for other groups may "
+"enlarge the result set for original lookup if re-queried."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1046
+msgid ""
+"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1055
+msgid "Default: 2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1061
+msgid "ldap_groups_use_matching_rule_in_chain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1064
+msgid ""
+"This option tells SSSD to take advantage of an Active Directory-specific "
+"feature which may speed up group lookup operations on deployments with "
+"complex or deep nested groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1070
+msgid ""
+"In most common cases, it is best to leave this option disabled. It generally "
+"only provides a performance increase on very complex nestings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1075 sssd-ldap.5.xml:1102
+msgid ""
+"If this option is enabled, SSSD will use it if it detects that the server "
+"supports it during initial connection. So \"True\" here essentially means "
+"\"auto-detect\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1108
+msgid ""
+"Note: This feature is currently known to work only with Active Directory "
+"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
+"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> "
+"for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1093
+msgid "ldap_initgroups_use_matching_rule_in_chain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1096
+msgid ""
+"This option tells SSSD to take advantage of an Active Directory-specific "
+"feature which might speed up initgroups operations (most notably when "
+"dealing with complex or deep nested groups)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1123
+msgid ""
+"This options enables or disables use of Token-Groups attribute when "
+"performing initgroup for users from Active Directory Server 2008 and later."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1128
+msgid "Default: True for AD and IPA otherwise False."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1134
+msgid "ldap_netgroup_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1137
+msgid "The object class of a netgroup entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1140
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1144
+msgid "Default: nisNetgroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1150
+msgid "ldap_netgroup_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1153
+msgid "The LDAP attribute that corresponds to the netgroup name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1157
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1167
+msgid "ldap_netgroup_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1170
+msgid "The LDAP attribute that contains the names of the netgroup's members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1174
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1178
+msgid "Default: memberNisNetgroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1184
+msgid "ldap_netgroup_triple (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1187
+msgid ""
+"The LDAP attribute that contains the (host, user, domain) netgroup triples."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1191 sssd-ldap.5.xml:1207
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1194
+msgid "Default: nisNetgroupTriple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1200
+msgid "ldap_netgroup_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1216
+msgid "ldap_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1219
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
+msgid "Default: ipService"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1228
+msgid "ldap_host_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
+msgid "The LDAP attribute that corresponds to the host's name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1241
+msgid "ldap_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1244
+msgid ""
+"The LDAP attribute that corresponds to the host's fully-qualified domain "
+"name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1248
+msgid "Default: fqdn"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1254
+msgid "ldap_host_serverhostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1261
+msgid "Default: serverHostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1267
+msgid "ldap_host_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1270
+msgid "The LDAP attribute that lists the host's group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1280
+msgid "ldap_host_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1283
+msgid "Optional. Use the given string as search base for host objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1287 sssd-ipa.5.xml:359 sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:397 sssd-ipa.5.xml:416
+msgid ""
+"See <quote>ldap_search_base</quote> for information about configuring "
+"multiple search bases."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:1292 sssd-ipa.5.xml:364 include/ldap_search_bases.xml:27
+msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1299
+msgid "ldap_host_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1302
+msgid "The LDAP attribute that contains the host's SSH public keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1312
+msgid "ldap_host_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1315
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1325
+msgid "ldap_service_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1328
+msgid "The object class of a service entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
+msgid "ldap_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"The LDAP attribute that contains the name of service attributes and their "
+"aliases."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
+msgid "ldap_service_port (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1353
+msgid "The LDAP attribute that contains the port managed by this service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1357
+msgid "Default: ipServicePort"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1363
+msgid "ldap_service_proto (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1366
+msgid ""
+"The LDAP attribute that contains the protocols understood by this service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1370
+msgid "Default: ipServiceProtocol"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1376
+msgid "ldap_service_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1381
+msgid "ldap_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1384
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches are allowed to run "
+"before they are cancelled and cached results are returned (and offline mode "
+"is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1390
+msgid ""
+"Note: this option is subject to change in future versions of the SSSD. It "
+"will likely be replaced at some point by a series of timeouts for specific "
+"lookup types."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1402
+msgid "ldap_enumeration_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1405
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches for user and group "
+"enumerations are allowed to run before they are cancelled and cached results "
+"are returned (and offline mode is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1418
+msgid "ldap_network_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1421
+msgid ""
+"Specifies the timeout (in seconds) after which the <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
+"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
+"manvolnum> </citerefentry> following a <citerefentry> "
+"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
+"citerefentry> returns in case of no activity."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1444
+msgid "ldap_opt_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1447
+msgid ""
+"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
+"will abort if no response is received. Also controls the timeout when "
+"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
+"operation, password change extended operation and the StartTLS operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1462
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1465
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime)  will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1473 sssd-ldap.5.xml:2551
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1479
+msgid "ldap_page_size (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1482
+msgid ""
+"Specify the number of records to retrieve from LDAP in a single request. "
+"Some LDAP servers enforce a maximum limit per-request."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1487
+msgid "Default: 1000"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1493
+msgid "ldap_disable_paging (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1496
+msgid ""
+"Disable the LDAP paging control. This option should be used if the LDAP "
+"server reports that it supports the LDAP paging control in its RootDSE but "
+"it is not enabled or does not behave properly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1502
+msgid ""
+"Example: OpenLDAP servers with the paging control module installed on the "
+"server but not enabled will report it in the RootDSE but be unable to use it."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1508
+msgid ""
+"Example: 389 DS has a bug where it can only support a one paging control at "
+"a time on a single connection. On busy clients, this can result in some "
+"requests being denied."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1520
+msgid "ldap_disable_range_retrieval (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1523
+msgid "Disable Active Directory range retrieval."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1526
+msgid ""
+"Active Directory limits the number of members to be retrieved in a single "
+"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
+"group contains more members, the reply would include an AD-specific range "
+"extension. This option disables parsing of the range extension, therefore "
+"large groups will appear as having no members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1541
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1544
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1550
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1557
+msgid "ldap_deref_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1560
+msgid ""
+"Specify the number of group members that must be missing from the internal "
+"cache in order to trigger a dereference lookup. If less members are missing, "
+"they are looked up individually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1566
+msgid ""
+"You can turn off dereference lookups completely by setting the value to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1570
+msgid ""
+"A dereference lookup is a means of fetching all group members in a single "
+"LDAP call.  Different LDAP servers may implement different dereference "
+"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
+"Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1578
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1591
+msgid "ldap_tls_reqcert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1594
+msgid ""
+"Specifies what checks to perform on server certificates in a TLS session, if "
+"any. It can be specified as one of the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1600
+msgid ""
+"<emphasis>never</emphasis> = The client will not request or check any server "
+"certificate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1604
+msgid ""
+"<emphasis>allow</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, it will be ignored and the session proceeds normally."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1611
+msgid ""
+"<emphasis>try</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, the session is immediately terminated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1617
+msgid ""
+"<emphasis>demand</emphasis> = The server certificate is requested. If no "
+"certificate is provided, or a bad certificate is provided, the session is "
+"immediately terminated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1623
+msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1627
+msgid "Default: hard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1633
+msgid "ldap_tls_cacert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1636
+msgid ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> will recognize."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1641 sssd-ldap.5.xml:1659 sssd-ldap.5.xml:1700
+msgid ""
+"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
+"conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1648
+msgid "ldap_tls_cacertdir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1651
+msgid ""
+"Specifies the path of a directory that contains Certificate Authority "
+"certificates in separate individual files. Typically the file names need to "
+"be the hash of the certificate followed by '.0'.  If available, "
+"<command>cacertdir_rehash</command> can be used to create the correct names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1666
+msgid "ldap_tls_cert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1669
+msgid "Specifies the file that contains the certificate for the client's key."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1679
+msgid "ldap_tls_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1682
+msgid "Specifies the file that contains the client's key."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1691
+msgid "ldap_tls_cipher_suite (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1694
+msgid ""
+"Specifies acceptable cipher suites.  Typically this is a colon separated "
+"list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1707
+msgid "ldap_id_use_start_tls (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1710
+msgid ""
+"Specifies that the id_provider connection must also use <systemitem class="
+"\"protocol\">tls</systemitem> to protect the channel."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1720
+msgid "ldap_id_mapping (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1723
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1729
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1739
+msgid "ldap_min_id, ldap_max_id (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1742
+msgid ""
+"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
+"set to true the allowed ID range for ldap_user_uid_number and "
+"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
+"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
+"can be set to restrict the allowed range for the IDs which are read directly "
+"from the server. Sub-domains can then pick other ranges to map IDs."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1754
+msgid "Default: not set (both options are set to 0)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1760
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1763
+msgid ""
+"Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1773
+msgid "ldap_sasl_authid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1776
+msgid ""
+"Specify the SASL authorization id to use.  When GSSAPI is used, this "
+"represents the Kerberos principal used for authentication to the directory.  "
+"This option can either contain the full principal (for example host/"
+"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1784
+msgid "Default: host/hostname@REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1790
+msgid "ldap_sasl_realm (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1793
+msgid ""
+"Specify the SASL realm to use. When not specified, this option defaults to "
+"the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
+"well, this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1799
+msgid "Default: the value of krb5_realm."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1805
+msgid "ldap_sasl_canonicalize (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1808
+msgid ""
+"If set to true, the LDAP library would perform a reverse lookup to "
+"canonicalize the host name during a SASL bind."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1813
+msgid "Default: false;"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1819
+msgid "ldap_krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1822
+msgid "Specify the keytab to use when using SASL/GSSAPI."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1825
+msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1831
+msgid "ldap_krb5_init_creds (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1834
+msgid ""
+"Specifies that the id_provider should init Kerberos credentials (TGT).  This "
+"action is performed only if SASL is used and the mechanism selected is "
+"GSSAPI."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1846
+msgid "ldap_krb5_ticket_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1849
+msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
+msgid "Default: 86400 (24 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1859 sssd-krb5.5.xml:74
+msgid "krb5_server, krb5_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1862
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames.  If empty, service "
+"discovery is enabled - for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1874 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches "
+"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
+"none are found."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1879 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
+"While the legacy name is recognized for the time being, users are advised to "
+"migrate their config files to use <quote>krb5_server</quote> instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1888 sssd-ipa.5.xml:428 sssd-krb5.5.xml:103
+msgid "krb5_realm (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1891
+msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1894
+msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1900 sssd-krb5.5.xml:462
+msgid "krb5_canonicalize (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1903
+msgid ""
+"Specifies if the host principal should be canonicalized when connecting to "
+"LDAP server. This feature is available with MIT Kerberos >= 1.7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1915 sssd-krb5.5.xml:477
+msgid "krb5_use_kdcinfo (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1918 sssd-krb5.5.xml:480
+msgid ""
+"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
+"which KDCs to use. This option is on by default, if you disable it, you need "
+"to configure the Kerberos library using the <citerefentry> "
+"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> configuration file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1929 sssd-krb5.5.xml:491
+msgid ""
+"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
+"information on the locator plugin."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1943
+msgid "ldap_pwd_policy (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1946
+msgid ""
+"Select the policy to evaluate the password expiration on the client side. "
+"The following values are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1951
+msgid ""
+"<emphasis>none</emphasis> - No evaluation on the client side. This option "
+"cannot disable server-side password policies."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1956
+msgid ""
+"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
+"evaluate if the password has expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1962
+msgid ""
+"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
+"to determine if the password has expired. Use chpass_provider=krb5 to update "
+"these attributes when the password is changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1971
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1979
+msgid "ldap_referrals (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1982
+msgid "Specifies whether automatic referral chasing should be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1986
+msgid ""
+"Please note that sssd only supports referral chasing when it is compiled "
+"with OpenLDAP version 2.4.13 or higher."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1991
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2005
+msgid "ldap_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2008
+msgid "Specifies the service name to use when service discovery is enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2012
+msgid "Default: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2018
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2021
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2026
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2032
+msgid "ldap_chpass_update_last_change (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2035
+msgid ""
+"Specifies whether to update the ldap_user_shadow_last_change attribute with "
+"days since the Epoch after a password change operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2047
+msgid "ldap_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2050
+msgid ""
+"If using access_provider = ldap and ldap_access_order = filter (default), "
+"this option is mandatory. It specifies an LDAP search filter criteria that "
+"must be met for the user to be granted access on this host. If "
+"access_provider = ldap, ldap_access_order = filter and this option is not "
+"set, it will result in all users being denied access.  Use access_provider = "
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only and thus filtering based on nested "
+"groups may not work (e.g. memberOf attribute on AD entries points only to "
+"direct parents). If filtering based on nested groups is required, please see "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2070
+msgid "Example:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:2073
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_filter = (employeeType=admin)\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2077
+msgid ""
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2082
+msgid ""
+"Offline caching for this feature is limited to determining whether the "
+"user's last online login was granted access permission. If they were granted "
+"access during their last login, they will continue to be granted access "
+"while offline and vice versa."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2090 sssd-ldap.5.xml:2147
+msgid "Default: Empty"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2096
+msgid "ldap_account_expire_policy (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2099
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2103
+msgid ""
+"Please note that it is always recommended to use server side access control, "
+"i.e. the LDAP server should deny the bind request with a suitable error code "
+"even if the password is correct."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2110
+msgid "The following values are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2113
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2118
+msgid ""
+"<emphasis>ad</emphasis>: use the value of the 32bit field "
+"ldap_user_ad_user_account_control and allow access if the second bit is not "
+"set. If the attribute is missing access is granted. Also the expiration time "
+"of the account is checked."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2125
+msgid ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
+"emphasis>: use the value of ldap_ns_account_lock to check if access is "
+"allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2131
+msgid ""
+"<emphasis>nds</emphasis>: the values of "
+"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
+"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
+"If both attributes are missing access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2140
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>expire</quote> in order for the "
+"ldap_account_expire_policy option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2153
+msgid "ldap_access_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2156
+msgid "Comma separated list of access control options.  Allowed values are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2160
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2163
+msgid ""
+"<emphasis>lockout</emphasis>: use account locking.  If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn.  "
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2173
+msgid ""
+"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
+"quote> option and might be removed in a future release.  </emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2180
+msgid ""
+"<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z' or represents any time in the past.  The "
+"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
+"denotes the UTC time zone.  Other time zones are not currently supported and "
+"will result in \"access-denied\" when users attempt to log in.  Please see "
+"the option ldap_pwdlockout_dn.  Please note that 'access_provider = ldap' "
+"must be set for this feature to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2197
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2201
+msgid ""
+"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
+"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
+"interested in being warned that password is about to expire and "
+"authentication is based on using a different method than passwords - for "
+"example SSH keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2211
+msgid ""
+"The difference between these options is the action taken if user password is "
+"expired: pwd_expire_policy_reject - user is denied to log in, "
+"pwd_expire_policy_warn - user is still able to log in, "
+"pwd_expire_policy_renew - user is prompted to change his password "
+"immediately."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2219
+msgid ""
+"Note If user password is expired no explicit message is prompted by SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2223
+msgid ""
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2228
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
+"to determine access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2233
+msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2237
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2241
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2246
+msgid "Default: filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2249
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2256
+msgid "ldap_pwdlockout_dn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2259
+msgid ""
+"This option specifies the DN of password policy entry on LDAP server. Please "
+"note that absence of this option in sssd.conf in case of enabled account "
+"lockout checking will yield access denied as ppolicy attributes on LDAP "
+"server cannot be checked properly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2267
+msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2270
+msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2276
+msgid "ldap_deref (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2279
+msgid ""
+"Specifies how alias dereferencing is done when performing a search. The "
+"following options are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2284
+msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2288
+msgid ""
+"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
+"the base object, but not in locating the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2293
+msgid ""
+"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
+"the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2298
+msgid ""
+"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
+"in locating the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2303
+msgid ""
+"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
+"client libraries)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2311
+msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2314
+msgid ""
+"Allows to retain local users as members of an LDAP group for servers that "
+"use the RFC2307 schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2318
+msgid ""
+"In some environments where the RFC2307 schema is used, local users are made "
+"members of LDAP groups by adding their names to the memberUid attribute.  "
+"The self-consistency of the domain is compromised when this is done, so SSSD "
+"would normally remove the \"missing\" users from the cached group "
+"memberships as soon as nsswitch tries to fetch information about the user "
+"via getpw*() or initgroups() calls."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2329
+msgid ""
+"This option falls back to checking if local users are referenced, and caches "
+"them so that later initgroups() calls will augment the local users with the "
+"additional LDAP groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2344
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2348
+msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2352
+msgid "Default: 1000 (often the size of one page)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:51
+msgid ""
+"All of the common configuration options that apply to SSSD domains also "
+"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for full details.  <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2362
+msgid "SUDO OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2364
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2375
+msgid "ldap_sudorule_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2378
+msgid "The object class of a sudo rule entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2381
+msgid "Default: sudoRole"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2387
+msgid "ldap_sudorule_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2390
+msgid "The LDAP attribute that corresponds to the sudo rule name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2400
+msgid "ldap_sudorule_command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2403
+msgid "The LDAP attribute that corresponds to the command name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2407
+msgid "Default: sudoCommand"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2413
+msgid "ldap_sudorule_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2416
+msgid ""
+"The LDAP attribute that corresponds to the host name (or host IP address, "
+"host IP network, or host netgroup)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2421
+msgid "Default: sudoHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2427
+msgid "ldap_sudorule_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2430
+msgid ""
+"The LDAP attribute that corresponds to the user name (or UID, group name or "
+"user's netgroup)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2434
+msgid "Default: sudoUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2440
+msgid "ldap_sudorule_option (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2443
+msgid "The LDAP attribute that corresponds to the sudo options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2447
+msgid "Default: sudoOption"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2453
+msgid "ldap_sudorule_runasuser (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2456
+msgid ""
+"The LDAP attribute that corresponds to the user name that commands may be "
+"run as."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2460
+msgid "Default: sudoRunAsUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2466
+msgid "ldap_sudorule_runasgroup (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2469
+msgid ""
+"The LDAP attribute that corresponds to the group name or group GID that "
+"commands may be run as."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2473
+msgid "Default: sudoRunAsGroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2479
+msgid "ldap_sudorule_notbefore (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2482
+msgid ""
+"The LDAP attribute that corresponds to the start date/time for when the sudo "
+"rule is valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2486
+msgid "Default: sudoNotBefore"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2492
+msgid "ldap_sudorule_notafter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2495
+msgid ""
+"The LDAP attribute that corresponds to the expiration date/time, after which "
+"the sudo rule will no longer be valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2500
+msgid "Default: sudoNotAfter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2506
+msgid "ldap_sudorule_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2509
+msgid "The LDAP attribute that corresponds to the ordering index of the rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2513
+msgid "Default: sudoOrder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2519
+msgid "ldap_sudo_full_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2522
+msgid ""
+"How many seconds SSSD will wait between executing a full refresh of sudo "
+"rules (which downloads all rules that are stored on the server)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2527
+msgid ""
+"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
+"emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2532
+msgid "Default: 21600 (6 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2538
+msgid "ldap_sudo_smart_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2541
+msgid ""
+"How many seconds SSSD has to wait before executing a smart refresh of sudo "
+"rules (which downloads all rules that have USN higher than the highest USN "
+"of cached rules)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2547
+msgid ""
+"If USN attributes are not supported by the server, the modifyTimestamp "
+"attribute is used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2557
+msgid "ldap_sudo_use_host_filter (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2560
+msgid ""
+"If true, SSSD will download only rules that are applicable to this machine "
+"(using the IPv4 or IPv6 host/network addresses and hostnames)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2571
+msgid "ldap_sudo_hostnames (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2574
+msgid ""
+"Space separated list of hostnames or fully qualified domain names that "
+"should be used to filter the rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2579
+msgid ""
+"If this option is empty, SSSD will try to discover the hostname and the "
+"fully qualified domain name automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2584 sssd-ldap.5.xml:2607 sssd-ldap.5.xml:2625
+#: sssd-ldap.5.xml:2643
+msgid ""
+"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
+"emphasis> then this option has no effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2589 sssd-ldap.5.xml:2612
+msgid "Default: not specified"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2595
+msgid "ldap_sudo_ip (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2598
+msgid ""
+"Space separated list of IPv4 or IPv6 host/network addresses that should be "
+"used to filter the rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2603
+msgid ""
+"If this option is empty, SSSD will try to discover the addresses "
+"automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2618
+msgid "ldap_sudo_include_netgroups (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2621
+msgid ""
+"If true then SSSD will download every rule that contains a netgroup in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2636
+msgid "ldap_sudo_include_regexp (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2639
+msgid ""
+"If true then SSSD will download every rule that contains a wildcard in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2655
+msgid ""
+"This manual page only describes attribute name mapping.  For detailed "
+"explanation of sudo related attribute semantics, see <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2665
+msgid "AUTOFS OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2667
+msgid ""
+"Some of the defaults for the parameters below are dependent on the LDAP "
+"schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2673
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2676
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2679
+msgid "Default: auto.master"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2686
+msgid "ldap_autofs_map_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2689
+msgid "The object class of an automount map entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2692
+msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2700
+msgid "ldap_autofs_map_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2703
+msgid "The name of an automount map entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2706
+msgid ""
+"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2714
+msgid "ldap_autofs_entry_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2717
+msgid ""
+"The object class of an automount entry in LDAP. The entry usually "
+"corresponds to a mount point."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2722
+msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2730
+msgid "ldap_autofs_entry_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2733 sssd-ldap.5.xml:2748
+msgid ""
+"The key of an automount entry in LDAP. The entry usually corresponds to a "
+"mount point."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2737
+msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2745
+msgid "ldap_autofs_entry_value (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2752
+msgid ""
+"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
+"automountInformation"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2671
+msgid ""
+"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2763
+msgid "ADVANCED OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2770
+msgid "ldap_netgroup_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2775
+msgid "ldap_user_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2780
+msgid "ldap_group_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
+#: sssd-ldap.5.xml:2785
+msgid "<note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
+#: sssd-ldap.5.xml:2787
+msgid ""
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
+"against Active Directory will not be restricted and return all groups "
+"memberships, even with no GID mapping. It is recommended to disable this "
+"feature, if group names are not being displayed correctly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist>
+#: sssd-ldap.5.xml:2794
+msgid "</note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2796
+msgid "ldap_sudo_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2801
+msgid "ldap_autofs_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2765
+msgid ""
+"These options are supported by LDAP domains, but they should be used with "
+"caution. Please include them in your configuration only if you know what you "
+"are doing.  <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2818
+msgid ""
+"The following example assumes that SSSD is correctly configured and LDAP is "
+"set to one of the domains in the <replaceable>[domains]</replaceable> "
+"section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:2824
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2835
+msgid "LDAP ACCESS FILTER EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2837
+msgid ""
+"The following example assumes that SSSD is correctly configured and to use "
+"the ldap_access_order=lockout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:2842
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"access_provider = ldap\n"
+"ldap_access_order = lockout\n"
+"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
+msgid "NOTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2859
+msgid ""
+"The descriptions of some of the configuration options in this manual page "
+"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
+"distribution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss.8.xml:11 pam_sss.8.xml:16
+msgid "pam_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss.8.xml:17
+msgid "PAM module for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss.8.xml:22
+msgid ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>prompt_always</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:58
+msgid ""
+"<command>pam_sss.so</command> is the PAM interface to the System Security "
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:68
+msgid "<option>quiet</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:71
+msgid "Suppress log messages for unknown users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:76
+msgid "<option>forward_pass</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:79
+msgid ""
+"If <option>forward_pass</option> is set the entered password is put on the "
+"stack for other PAM modules to use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:86
+msgid "<option>use_first_pass</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:89
+msgid ""
+"The argument use_first_pass forces the module to use a previous stacked "
+"modules password and will never prompt the user - if no password is "
+"available or the password is not appropriate, the user will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:97
+msgid "<option>use_authtok</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:100
+msgid ""
+"When password changing enforce the module to set the new password to the one "
+"provided by a previously stacked password module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:107
+msgid "<option>retry=N</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:110
+msgid ""
+"If specified the user is asked another N times for a password if "
+"authentication fails. Default is 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:112
+msgid ""
+"Please note that this option might not work as expected if the application "
+"calling PAM handles the user dialog on its own. A typical example is "
+"<command>sshd</command> with <option>PasswordAuthentication</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:121
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:124
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:131
+msgid "<option>ignore_authinfo_unavail</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:135
+msgid ""
+"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
+"the SSSD daemon. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:142
+msgid "<option>domains</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:146
+msgid ""
+"Allows the administrator to restrict the domains a particular PAM service is "
+"allowed to authenticate against. The format is a comma-separated list of "
+"SSSD domain names, as specified in the sssd.conf file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:152
+msgid ""
+"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
+"and <quote>pam_public_domains</quote> options.  Please see the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more information on these two PAM "
+"responder options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:166
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:170
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:180
+#, no-wrap
+msgid ""
+"auth sufficient pam_sss.so allow_missing_name\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:175
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:190
+msgid "<option>prompt_always</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:194
+msgid ""
+"Always prompt the user for credentials. With this option credentials "
+"requested by other PAM modules, typically a password, will be ignored and "
+"pam_sss will prompt for credentials again. Based on the pre-auth reply by "
+"SSSD pam_sss might prompt for a password, a Smartcard PIN or other "
+"credentials."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:207
+msgid "MODULE TYPES PROVIDED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:208
+msgid ""
+"All module types (<option>account</option>, <option>auth</option>, "
+"<option>password</option> and <option>session</option>) are provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:214
+msgid "FILES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:215
+msgid ""
+"If a password reset by root fails, because the corresponding SSSD provider "
+"does not support password resets, an individual message can be displayed. "
+"This message can e.g. contain instructions about how to reset a password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:220
+msgid ""
+"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
+"filename> where LOC stands for a locale string returned by <citerefentry> "
+"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
+"citerefentry>. If there is no matching file the content of "
+"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
+"the owner of the files and only root may have read and write permissions "
+"while all other users must have only read permissions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:230
+msgid ""
+"These files are searched in the directory <filename>/etc/sssd/customize/"
+"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
+"displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
+msgid "sssd_krb5_locator_plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:22
+msgid ""
+"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
+"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
+"libraries what Realm and which KDC to use.  Typically this is done in "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
+"To simplify the configuration the Realm and the KDC can be defined in "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> as described in <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:48
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> puts the Realm and the name or IP address of the KDC into "
+"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively.  "
+"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
+"libraries it reads and evaluates these variables and returns them to the "
+"libraries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:63
+msgid ""
+"Not all Kerberos implementations support the use of plugins. If "
+"<command>sssd_krb5_locator_plugin</command> is not available on your system "
+"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:69
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:73
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
+"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
+"caller."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
+msgid "sssd-simple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-simple.5.xml:17
+msgid "the configuration file for SSSD's 'simple' access-control provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:24
+msgid ""
+"This manual page describes the configuration of the simple access-control "
+"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax reference, "
+"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:38
+msgid ""
+"The simple access provider grants or denies access based on an access or "
+"deny list of user or group names. The following rules apply:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
+msgid ""
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
+msgid ""
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
+msgid "simple_allow_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
+msgid "Comma separated list of users who are allowed to log in."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
+msgid "simple_deny_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only "
+"to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
+msgid ""
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
+msgid ""
+"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page for details on the configuration of an SSSD "
+"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
+msgid ""
+"Specifying no values for any of the lists is equivalent to skipping it "
+"entirely. Beware of this while generating parameters for the simple provider "
+"using automated scripts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:125
+msgid ""
+"Please note that it is an configuration error if both, simple_allow_users "
+"and simple_deny_users, are defined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:133
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the simple access provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:140
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"access_provider = simple\n"
+"simple_allow_users = user1, user2\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:150
+msgid ""
+"The complete group membership hierarchy is resolved before the access check, "
+"thus even nested groups can be included in the access lists.  Please be "
+"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
+"results and should be set to a sufficient value.  (<citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>) option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss-certmap.5.xml:10 sss-certmap.5.xml:16
+msgid "sss-certmap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss-certmap.5.xml:17
+msgid "SSSD Certificate Matching and Mapping Rules"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss-certmap.5.xml:23
+msgid ""
+"The manual page describes the rules which can be used by SSSD and other "
+"components to match X.509 certificates and map them to accounts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss-certmap.5.xml:28
+msgid ""
+"Each rule has four components, a <quote>priority</quote>, a <quote>matching "
+"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</"
+"quote>. All components are optional. A missing <quote>priority</quote> will "
+"add the rule with the lowest priority.  The default <quote>matching rule</"
+"quote> will match certificates with the digitalSignature key usage and "
+"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty "
+"the certificates will be searched in the userCertificate attribute as DER "
+"encoded binary. If no domains are given only the local domain will be "
+"searched."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss-certmap.5.xml:41
+msgid "RULE COMPONENTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:43
+msgid "PRIORITY"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:45
+msgid ""
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:52
+msgid ""
+"Internally the priority is treated as unsigned 32bit integer, using a "
+"priority value larger than 4294967295 will cause an error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:57
+msgid "MATCHING RULE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:59
+msgid ""
+"The matching rule is used to select a certificate to which the mapping rule "
+"should be applied. It uses a system similar to the one used by "
+"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a "
+"keyword enclosed by '&lt;' and '&gt;' which identified a certain part of the "
+"certificate and a pattern which should be found for the rule to match. "
+"Multiple keyword pattern pairs can be either joined with '&amp;&amp;' (and) "
+"or '&#124;&#124;' (or)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:71
+msgid "&lt;SUBJECT&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:74
+msgid ""
+"With this a part or the whole subject name of the certificate can be "
+"matched. For the matching POSIX Extended Regular Expression syntax is used, "
+"see regex(7)  for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:80
+msgid ""
+"For the matching the subject name stored in the certificate in DER encoded "
+"ASN.1 is converted into a string according to RFC 4514. This means the most "
+"specific name component comes first. Please note that not all possible "
+"attribute names are covered by RFC 4514. The names included are 'CN', 'L', "
+"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might "
+"be shown differently on different platform and by different tools. To avoid "
+"confusion those attribute names are best not used or covered by a suitable "
+"regular-expression."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:93
+msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:98
+msgid "&lt;ISSUER&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:101
+msgid ""
+"With this a part or the whole issuer name of the certificate can be matched. "
+"All comments for &lt;SUBJECT&gt; apply her as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:106
+msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:111
+msgid "&lt;KU&gt;key-usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:114
+msgid ""
+"This option can be used to specify which key usage values the certificate "
+"should have. The following values can be used in a comma separated list:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:118
+msgid "digitalSignature"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:119
+msgid "nonRepudiation"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:120
+msgid "keyEncipherment"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:121
+msgid "dataEncipherment"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:122
+msgid "keyAgreement"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:123
+msgid "keyCertSign"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:124
+msgid "cRLSign"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:125
+msgid "encipherOnly"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:126
+msgid "decipherOnly"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:130
+msgid ""
+"A numerical value in the range of a 32bit unsigned integer can be used as "
+"well to cover special use cases."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:134
+msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:139
+msgid "&lt;EKU&gt;extended-key-usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:142
+msgid ""
+"This option can be used to specify which extended key usage the certificate "
+"should have. The following value can be used in a comma separated list:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:146
+msgid "serverAuth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:147
+msgid "clientAuth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:148
+msgid "codeSigning"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:149
+msgid "emailProtection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:150
+msgid "timeStamping"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:151
+msgid "OCSPSigning"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:152
+msgid "KPClientAuth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:153
+msgid "pkinit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:154
+msgid "msScLogin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:158
+msgid ""
+"Extended key usages which are not listed above can be specified with their "
+"OID in dotted-decimal notation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:162
+msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:167
+msgid "&lt;SAN&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:170
+msgid ""
+"To be compatible with the usage of MIT Kerberos this option will match the "
+"Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
+"Principal&gt; does."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:175
+msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:180
+msgid "&lt;SAN:Principal&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:183
+msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:187
+msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:192
+msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:195
+msgid "Match the Kerberos principals from the AD NT Principal SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:199
+msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:204
+msgid "&lt;SAN:pkinit&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:207
+msgid "Match the Kerberos principals from the PKINIT SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:210
+msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:215
+msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:218
+msgid ""
+"Take the value of the otherName SAN component given by the OID in dotted-"
+"decimal notation, interpret it as string and try to match it against the "
+"regular expression."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:224
+msgid "Example: &lt;SAN:1.2.3.4&gt;test"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:229
+msgid "&lt;SAN:otherName&gt;base64-string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:232
+msgid ""
+"Do a binary match with the base64 encoded blob against all otherName SAN "
+"components. With this option it is possible to match against custom "
+"otherName components with special encodings which could not be treated as "
+"strings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:239
+msgid "Example: &lt;SAN:otherName&gt;MTIz"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:244
+msgid "&lt;SAN:rfc822Name&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:247
+msgid "Match the value of the rfc822Name SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:250
+msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:255
+msgid "&lt;SAN:dNSName&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:258
+msgid "Match the value of the dNSName SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:261
+msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:266
+msgid "&lt;SAN:x400Address&gt;base64-string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:269
+msgid "Binary match the value of the x400Address SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:272
+msgid "Example: &lt;SAN:x400Address&gt;MTIz"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:277
+msgid "&lt;SAN:directoryName&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:280
+msgid ""
+"Match the value of the directoryName SAN. The same comments as given for &lt;"
+"ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:285
+msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:290
+msgid "&lt;SAN:ediPartyName&gt;base64-string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:293
+msgid "Binary match the value of the ediPartyName SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:296
+msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:301
+msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:304
+msgid "Match the value of the uniformResourceIdentifier SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:307
+msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:312
+msgid "&lt;SAN:iPAddress&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:315
+msgid "Match the value of the iPAddress SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:318
+msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:323
+msgid "&lt;SAN:registeredID&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:326
+msgid "Match the value of the registeredID SAN as dotted-decimal string."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:330
+msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:68
+msgid ""
+"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:338
+msgid "MAPPING RULE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:340
+msgid ""
+"The mapping rule is used to associate a certificate with one or more "
+"accounts. A Smartcard with the certificate and the matching private key can "
+"then be used to authenticate as one of those accounts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:345
+msgid ""
+"Currently SSSD basically only supports LDAP to lookup user information (the "
+"exception is the proxy provider which is not of relevance here). Because of "
+"this the mapping rule is based on LDAP search filter syntax with templates "
+"to add certificate content to the filter. It is expected that the filter "
+"will only contain the specific data needed for the mapping and that the "
+"caller will embed it in another filter to do the actual search. Because of "
+"this the filter string should start and stop with '(' and ')' respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:355
+msgid ""
+"In general it is recommended to use attributes from the certificate and add "
+"them to special attributes to the LDAP user object. E.g. the "
+"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute "
+"for IPA can be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:361
+msgid ""
+"This should be preferred to read user specific data from the certificate "
+"like e.g. an email address and search for it in the LDAP server. The reason "
+"is that the user specific data in LDAP might change for various reasons "
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:376
+msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:379
+msgid ""
+"This template will add the full issuer DN converted to a string according to "
+"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
+"the '_x500' prefix should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
+msgid ""
+"The conversion options starting with 'ad_' will use attribute names as used "
+"by AD, e.g. 'S' instead of 'ST'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
+msgid ""
+"The conversion options starting with 'nss_' will use attribute names as used "
+"by NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
+msgid ""
+"The default conversion option is 'nss', i.e. attribute names according to "
+"NSS and LDAP/RFC 4514 ordering."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:397
+msgid ""
+"Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
+"ad})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:402
+msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:405
+msgid ""
+"This template will add the full subject DN converted to string according to "
+"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
+"the '_x500' prefix should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:423
+msgid ""
+"Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
+"{subject_dn!nss_x500})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:428
+msgid "{cert[!(bin|base64)]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:431
+msgid ""
+"This template will add the whole DER encoded certificate as a string to the "
+"search filter. Depending on the conversion option the binary certificate is "
+"either converted to an escaped hex sequence '\\xx' or base64.  The escaped "
+"hex sequence is the default and can e.g. be used with the LDAP attribute "
+"'userCertificate;binary'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:439
+msgid "Example: (userCertificate;binary={cert!bin})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:444
+msgid "{subject_principal[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:447
+msgid ""
+"This template will add the Kerberos principal which is taken either from the "
+"SAN used by pkinit or the one used by AD. The 'short_name' component "
+"represents the first part of the principal before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
+msgid ""
+"Example: (|(userPrincipal={subject_principal})"
+"(samAccountName={subject_principal.short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:458
+msgid "{subject_pkinit_principal[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:461
+msgid ""
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
+"principal before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:467
+msgid ""
+"Example: (|(userPrincipal={subject_pkinit_principal})"
+"(uid={subject_pkinit_principal.short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:472
+msgid "{subject_nt_principal[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:475
+msgid ""
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:486
+msgid "{subject_rfc822_name[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:489
+msgid ""
+"This template will add the string which is stored in the rfc822Name "
+"component of the SAN, typically an email address. The 'short_name' component "
+"represents the first part of the address before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:495
+msgid ""
+"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
+"short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:500
+msgid "{subject_dns_name[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:503
+msgid ""
+"This template will add the string which is stored in the dNSName component "
+"of the SAN, typically a fully-qualified host name.  The 'short_name' "
+"component represents the first part of the name before the first '.' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:509
+msgid ""
+"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:514
+msgid "{subject_uri}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:517
+msgid ""
+"This template will add the string which is stored in the "
+"uniformResourceIdentifier component of the SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:521
+msgid "Example: (uri={subject_uri})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:526
+msgid "{subject_ip_address}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:529
+msgid ""
+"This template will add the string which is stored in the iPAddress component "
+"of the SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:533
+msgid "Example: (ip={subject_ip_address})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:538
+msgid "{subject_x400_address}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:541
+msgid ""
+"This template will add the value which is stored in the x400Address "
+"component of the SAN as escaped hex sequence."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:546
+msgid "Example: (attr:binary={subject_x400_address})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:551
+msgid ""
+"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:554
+msgid ""
+"This template will add the DN string of the value which is stored in the "
+"directoryName component of the SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:558
+msgid "Example: (orig_dn={subject_directory_name})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:563
+msgid "{subject_ediparty_name}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:566
+msgid ""
+"This template will add the value which is stored in the ediPartyName "
+"component of the SAN as escaped hex sequence."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:571
+msgid "Example: (attr:binary={subject_ediparty_name})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:576
+msgid "{subject_registered_id}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:579
+msgid ""
+"This template will add the OID which is stored in the registeredID component "
+"of the SAN as a dotted-decimal string."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:584
+msgid "Example: (oid={subject_registered_id})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:369
+msgid ""
+"The templates to add certificate data to the search filter are based on "
+"Python-style formatting strings. They consist of a keyword in curly braces "
+"with an optional sub-component specifier separated by a '.' or an optional "
+"conversion/formatting option separated by a '!'.  Allowed values are: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:592
+msgid "DOMAIN LIST"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:594
+msgid ""
+"If the domain list is not empty users mapped to a given certificate are not "
+"only searched in the local domain but in the listed domains as well as long "
+"as they are know by SSSD. Domains not know to SSSD will be ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+msgid "sssd-ipa"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:23
+msgid ""
+"This manual page describes the configuration of the IPA provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:36
+msgid ""
+"The IPA provider is a back end used to connect to an IPA server.  (Refer to "
+"the freeipa.org web site for information about IPA servers.)  This provider "
+"requires that the machine be joined to the IPA domain; configuration is "
+"almost entirely self-discovered and obtained directly from the server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:43
+msgid ""
+"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
+"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
+"optimizations for IPA environments. The IPA provider accepts the same "
+"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
+"However, it is neither necessary nor recommended to set these options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:57
+msgid ""
+"The IPA provider primarily copies the traditional ldap and krb5 provider "
+"default options with some exceptions, the differences are listed in the "
+"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:62
+msgid ""
+"As an access provider, the IPA provider uses HBAC (host-based access "
+"control)  rules. Please refer to freeipa.org for more information about "
+"HBAC. No configuration of access provider is required on the client side."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:67
+msgid ""
+"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is "
+"configured in sssd.conf then the id_provider must also be set to <quote>ipa</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:73
+msgid ""
+"The IPA provider will use the PAC responder if the Kerberos tickets of users "
+"from trusted realms contain a PAC. To make configuration easier the PAC "
+"responder is started automatically if the IPA ID provider is configured."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:89
+msgid "ipa_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:92
+msgid ""
+"Specifies the name of the IPA domain.  This is optional. If not provided, "
+"the configuration domain name is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:100
+msgid "ipa_server, ipa_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:103
+msgid ""
+"The comma-separated list of IP addresses or hostnames of the IPA servers to "
+"which SSSD should connect in the order of preference. For more information "
+"on failover and server redundancy, see the <quote>FAILOVER</quote> section.  "
+"This is optional if autodiscovery is enabled.  For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:116
+msgid "ipa_hostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:119
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
+msgid "dyndns_update (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:131
+msgid ""
+"Optional. This option tells SSSD to automatically update the DNS server "
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
+msgid ""
+"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
+"the default Kerberos realm must be set properly in /etc/krb5.conf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:145
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
+msgid "dyndns_ttl (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
+msgid ""
+"The TTL to apply to the client DNS record when updating it.  If "
+"dyndns_update is false this has no effect. This will override the TTL "
+"serverside if set by an administrator."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:165
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:171
+msgid "Default: 1200 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
+msgid "dyndns_iface (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
+msgid ""
+"Optional. Applicable only when dyndns_update is true. Choose the interface "
+"or a list of interfaces whose IP addresses should be used for dynamic DNS "
+"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
+"should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:187
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:193
+msgid ""
+"Default: Use the IP addresses of the interface which is used for IPA LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
+msgid "Example: dyndns_iface = em1, vnet1, vnet2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
+msgid "dyndns_auth (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
+msgid ""
+"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
+"updates with the DNS server, insecure updates can be sent by setting this "
+"option to 'none'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
+msgid "Default: GSS-TSIG"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218
+msgid "ipa_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
+msgid "Enables DNS sites - location based service discovery."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:225
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page)  is enabled, then the SSSD will first attempt location "
+"based discovery using a query that contains \"_location.hostname.example.com"
+"\" and then fall back to traditional SRV discovery. If the location based "
+"discovery succeeds, the IPA servers located with the location based "
+"discovery are treated as primary servers and the IPA servers located using "
+"the traditional SRV discovery are used as back up servers"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
+msgid "dyndns_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:247
+msgid ""
+"How often should the back end perform periodic DNS update in addition to the "
+"automatic update performed when the back end goes online.  This option is "
+"optional and applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
+msgid "dyndns_update_ptr (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
+msgid ""
+"Whether the PTR record should also be explicitly updated when updating the "
+"client's DNS records.  Applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:268
+msgid ""
+"This option should be False in most IPA deployments as the IPA server "
+"generates the PTR records automatically when forward records are changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: False (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
+msgid "dyndns_force_tcp (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
+msgid ""
+"Whether the nsupdate utility should default to using TCP for communicating "
+"with the DNS server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
+msgid "Default: False (let nsupdate choose the protocol)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
+msgid "dyndns_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
+msgid ""
+"The DNS server to use when performing a DNS update. In most setups, it's "
+"recommended to leave this option unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
+msgid ""
+"Setting this option makes sense for environments where the DNS server is "
+"different from the identity server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
+msgid ""
+"Please note that this option will be only used in fallback attempt when "
+"previous attempt using autodetected settings failed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
+msgid "Default: None (let nsupdate choose the server)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:317
+msgid "ipa_deskprofile_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:320
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:324 sssd-ipa.5.xml:337
+msgid "Default: Use base DN"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:330
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:343
+msgid "ipa_host_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:346
+msgid "Deprecated. Use ldap_host_search_base instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:352
+msgid "ipa_selinux_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:355
+msgid "Optional. Use the given string as search base for SELinux user maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:371
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:374
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:383
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:390
+msgid "ipa_master_domain_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:393
+msgid "Optional. Use the given string as search base for master domain object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:402
+msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:409
+msgid "ipa_views_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:412
+msgid "Optional. Use the given string as search base for views containers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:421
+msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:431
+msgid ""
+"The name of the Kerberos realm. This is optional and defaults to the value "
+"of <quote>ipa_domain</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:435
+msgid ""
+"The name of the Kerberos realm has a special meaning in IPA - it is "
+"converted into the base DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
+msgid "krb5_confd_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
+msgid ""
+"Absolute path of a directory where SSSD should place Kerberos configuration "
+"snippets."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
+msgid ""
+"To disable the creation of the configuration snippets set the parameter to "
+"'none'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
+msgid ""
+"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:461
+msgid "ipa_deskprofile_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:464
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:477
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:480
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:485
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:491
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:494
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:507
+msgid "ipa_hbac_selinux (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:510
+msgid ""
+"The amount of time between lookups of the SELinux maps against the IPA "
+"server. This will reduce the latency and load on the IPA server if there are "
+"many user login requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:523
+msgid "ipa_server_mode (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:526
+msgid ""
+"This option will be set by the IPA installer (ipa-server-install) "
+"automatically and denotes if SSSD is running on an IPA server or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:531
+msgid ""
+"On an IPA server SSSD will lookup users and groups from trusted domains "
+"directly while on a client it will ask an IPA server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:536
+msgid ""
+"NOTE: There are currently some assumptions that must be met when SSSD is "
+"running on an IPA server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:541
+msgid ""
+"The <quote>ipa_server</quote> option must be configured to point to the IPA "
+"server itself. This is already the default set by the IPA installer, so no "
+"manual change is required."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:550
+msgid ""
+"The <quote>full_name_format</quote> option must not be tweaked to only print "
+"short names for users from trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:565
+msgid "ipa_automount_location (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:568
+msgid "The automounter location this IPA client will be using"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:571
+msgid "Default: The location named \"default\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-ipa.5.xml:579
+msgid "VIEWS AND OVERRIDES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:588
+msgid "ipa_view_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:591
+msgid "Objectclass of the view container."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:594
+msgid "Default: nsContainer"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:600
+msgid "ipa_view_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:603
+msgid "Name of the attribute holding the name of the view."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:613
+msgid "ipa_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:616
+msgid "Objectclass of the override objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:619
+msgid "Default: ipaOverrideAnchor"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:625
+msgid "ipa_anchor_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:628
+msgid ""
+"Name of the attribute containing the reference to the original object in a "
+"remote domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:632
+msgid "Default: ipaAnchorUUID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:638
+msgid "ipa_user_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:641
+msgid ""
+"Name of the objectclass for user overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:646
+msgid "User overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:649
+msgid "ldap_user_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:652
+msgid "ldap_user_uid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:655
+msgid "ldap_user_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:658
+msgid "ldap_user_gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:661
+msgid "ldap_user_home_directory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:664
+msgid "ldap_user_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:667
+msgid "ldap_user_ssh_public_key"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:672
+msgid "Default: ipaUserOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:678
+msgid "ipa_group_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:681
+msgid ""
+"Name of the objectclass for group overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:686
+msgid "Group overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:689
+msgid "ldap_group_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:692
+msgid "ldap_group_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:697
+msgid "Default: ipaGroupOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:581
+msgid ""
+"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
+"later version. Since all paths and objectclasses are fixed on the server "
+"side there is basically no need to configure anything. For completeness the "
+"related options are listed here with their default values.  <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ipa.5.xml:709
+msgid "SUBDOMAINS PROVIDER"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:711
+msgid ""
+"The IPA subdomains provider behaves slightly differently if it is configured "
+"explicitly or implicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:715
+msgid ""
+"If the option 'subdomains_provider = ipa' is found in the domain section of "
+"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
+"subdomain requests are sent to the IPA server if necessary."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:721
+msgid ""
+"If the option 'subdomains_provider' is not set in the domain section of sssd."
+"conf but there is the option 'id_provider = ipa', the IPA subdomains "
+"provider is configured implicitly. In this case, if a subdomain request "
+"fails and indicates that the server does not support subdomains, i.e. is not "
+"configured for trusts, the IPA subdomains provider is disabled. After an "
+"hour or after the IPA provider goes online, the subdomains provider is "
+"enabled again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:738
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the ipa provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:745
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"id_provider = ipa\n"
+"ipa_server = ipaserver.example.com\n"
+"ipa_hostname = myhost.example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ad.5.xml:10 sssd-ad.5.xml:16
+msgid "sssd-ad"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:23
+msgid ""
+"This manual page describes the configuration of the AD provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:36
+msgid ""
+"The AD provider is a back end used to connect to an Active Directory server. "
+"This provider requires that the machine be joined to the AD domain and a "
+"keytab is available. Back end communication occurs over a GSSAPI-encrypted "
+"channel, SSL/TLS options should not be used with the AD provider and will be "
+"superseded by Kerberos usage."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:44
+msgid ""
+"The AD provider supports connecting to Active Directory 2008 R2 or later. "
+"Earlier versions may work, but are unsupported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:48
+msgid ""
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:54
+msgid ""
+"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
+"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
+"optimizations for Active Directory environments. The AD provider accepts the "
+"same options used by the sssd-ldap and sssd-krb5 providers with some "
+"exceptions. However, it is neither necessary nor recommended to set these "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:69
+msgid ""
+"The AD provider primarily copies the traditional ldap and krb5 provider "
+"default options with some exceptions, the differences are listed in the "
+"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:74
+msgid ""
+"The AD provider can also be used as an access, chpass, sudo and autofs "
+"provider. No configuration of the access provider is required on the client "
+"side."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:79
+msgid ""
+"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is "
+"configured in sssd.conf then the id_provider must also be set to <quote>ad</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:91
+#, no-wrap
+msgid ""
+"ldap_id_mapping = False\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:85
+msgid ""
+"By default, the AD provider will map UID and GID values from the objectSID "
+"parameter in Active Directory. For details on this, see the <quote>ID "
+"MAPPING</quote> section below. If you want to disable ID mapping and instead "
+"rely on POSIX attributes defined in Active Directory, you should set "
+"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should "
+"be used, it is recommended for performance reasons that the attributes are "
+"also replicated to the Global Catalog. If POSIX attributes are replicated, "
+"SSSD will attempt to locate the domain of a requested numerical ID with the "
+"help of the Global Catalog and only search that domain. In contrast, if "
+"POSIX attributes are not replicated to the Global Catalog, SSSD must search "
+"all the domains in the forest sequentially. Please note that the "
+"<quote>cache_first</quote> option might be also helpful in speeding up "
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:108
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:123
+msgid "ad_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:126
+msgid ""
+"Specifies the name of the Active Directory domain.  This is optional. If not "
+"provided, the configuration domain name is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:131
+msgid ""
+"For proper operation, this option should be specified as the lower-case "
+"version of the long version of the Active Directory domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:136
+msgid ""
+"The short domain name (also known as the NetBIOS or the flat name) is "
+"autodetected by the SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:143
+msgid "ad_enabled_domains (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:146
+msgid ""
+"A comma-separated list of enabled Active Directory domains.  If provided, "
+"SSSD will ignore any domains not listed in this option. If left unset, all "
+"domains from the AD forest will be available."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:156
+#, no-wrap
+msgid ""
+"ad_enabled_domains = sales.example.com, eng.example.com\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:152
+msgid ""
+"For proper operation, this option must be specified in all lower-case and as "
+"the fully qualified domain name of the Active Directory domain. For example: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:160
+msgid ""
+"The short domain name (also known as the NetBIOS or the flat name) will be "
+"autodetected by SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:170
+msgid "ad_server, ad_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:173
+msgid ""
+"The comma-separated list of hostnames of the AD servers to which SSSD should "
+"connect in order of preference. For more information on failover and server "
+"redundancy, see the <quote>FAILOVER</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:180
+msgid ""
+"This is optional if autodiscovery is enabled.  For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:185
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:193
+msgid "ad_hostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:196
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the Active Directory domain to identify this "
+"host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:202
+msgid ""
+"This field is used to determine the host principal in use in the keytab. It "
+"must match the hostname for which the keytab was issued."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:210
+msgid "ad_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:217
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page)  is enabled, the SSSD will first attempt to discover the "
+"Active Directory server to connect to using the Active Directory Site "
+"Discovery and fall back to the DNS SRV records if no AD site is found. The "
+"DNS SRV configuration, including the discovery domain, is used during site "
+"discovery as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:233
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:236
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:244
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:252
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to.  If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:260
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:265
+msgid ""
+"Nested group membership must be searched for using a special OID "
+"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
+"example.org: syntax to ensure the parser does not attempt to interpret the "
+"colon characters associated with the OID. If you do not use this OID then "
+"nested group membership will not be resolved. See usage example below and "
+"refer here for further information about the OID: <ulink url=\"https://msdn."
+"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP "
+"extensions</ulink>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:278
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied.  If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:289
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+"\n"
+"# apply filter for a member of a nested group in dom1:\n"
+"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:308
+msgid "ad_site (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:311
+msgid ""
+"Specify AD site to which client should try to connect.  If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:322
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:325
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:333
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:347
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:350
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:359
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:365
+msgid ""
+"NOTE: The current version of SSSD does not support host (computer) entries "
+"in the GPO 'Security Filtering' list. Only user and group entries are "
+"supported. Host entries in the list have no effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:372
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:385
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:389
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:395
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:401
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced.  "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:412
+msgid "Default: permissive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:415
+msgid "Default: enforcing"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:421
+msgid "ad_gpo_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:424
+msgid ""
+"The amount of time between lookups of GPO policy files against the AD "
+"server. This will reduce the latency and load on the AD server if there are "
+"many access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:437
+msgid "ad_gpo_map_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:440
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the InteractiveLogonRight and "
+"DenyInteractiveLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:446
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on locally\" and \"Deny log on locally\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:460
+#, no-wrap
+msgid ""
+"ad_gpo_map_interactive = +my_pam_service, -login\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:451
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>.  For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>login</quote>)  with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
+msgid "Default: the default set of PAM service names includes:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:468
+msgid "login"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:473
+msgid "su"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:478
+msgid "su-l"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:483
+msgid "gdm-fingerprint"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:488
+msgid "gdm-password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "gdm-smartcard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:498
+msgid "kdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:503
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:508
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:513
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:518
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:523
+msgid "xdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:532
+msgid "ad_gpo_map_remote_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:535
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the RemoteInteractiveLogonRight and "
+"DenyRemoteInteractiveLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:541
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on through Remote Desktop Services\" and \"Deny log on through Remote "
+"Desktop Services\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:556
+#, no-wrap
+msgid ""
+"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:547
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>.  For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>sshd</quote>)  with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:564
+msgid "sshd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:569
+msgid "cockpit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:578
+msgid "ad_gpo_map_network (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:581
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the NetworkLogonRight and "
+"DenyNetworkLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:587
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Access "
+"this computer from the network\" and \"Deny access to this computer from the "
+"network\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:602
+#, no-wrap
+msgid ""
+"ad_gpo_map_network = +my_pam_service, -ftp\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:593
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>.  For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>ftp</quote>)  with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:610
+msgid "ftp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:615
+msgid "samba"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:624
+msgid "ad_gpo_map_batch (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:627
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
+"policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:633
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a batch job\" and \"Deny log on as a batch job\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:647
+#, no-wrap
+msgid ""
+"ad_gpo_map_batch = +my_pam_service, -crond\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:638
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>.  For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>crond</quote>)  with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:655
+msgid "crond"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:664
+msgid "ad_gpo_map_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:667
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the ServiceLogonRight and "
+"DenyServiceLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:673
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a service\" and \"Deny log on as a service\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:686
+#, no-wrap
+msgid ""
+"ad_gpo_map_service = +my_pam_service\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
+msgid ""
+"It is possible to add a PAM service name to the default set by using <quote>"
+"+service_name</quote>.  Since the default set is empty, it is not possible "
+"to remove a PAM service name from the default set.  For example, in order to "
+"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you "
+"would use the following configuration: <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:696
+msgid "ad_gpo_map_permit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:699
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always granted, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:713
+#, no-wrap
+msgid ""
+"ad_gpo_map_permit = +my_pam_service, -sudo\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:704
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>.  For example, in "
+"order to replace a default PAM service name for unconditionally permitted "
+"access (e.g. <quote>sudo</quote>)  with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:721
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:726
+msgid "sudo"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:731
+msgid "sudo-i"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:736
+msgid "systemd-user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:745
+msgid "ad_gpo_map_deny (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:748
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always denied, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:761
+#, no-wrap
+msgid ""
+"ad_gpo_map_deny = +my_pam_service\n"
+"                            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:771
+msgid "ad_gpo_default_right (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:774
+msgid ""
+"This option defines how access control is evaluated for PAM service names "
+"that are not explicitly listed in one of the ad_gpo_map_* options. This "
+"option can be set in two different manners. First, this option can be set to "
+"use a default logon right. For example, if this option is set to "
+"'interactive', it means that unmapped PAM service names will be processed "
+"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
+"settings. Alternatively, this option can be set to either always permit or "
+"always deny access for unmapped PAM service names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:787
+msgid "Supported values for this option include:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:791
+msgid "interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:796
+msgid "remote_interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:801
+msgid "network"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:806
+msgid "batch"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:811
+msgid "service"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:816
+msgid "permit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:821
+msgid "deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:827
+msgid "Default: deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:833
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:836
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:842
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:848
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:851
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expects 2 integers separated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:860
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:869
+msgid ""
+"Optional. This option tells SSSD to automatically update the Active "
+"Directory DNS server with the IP address of this client. The update is "
+"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
+"only needs to allow secure updates for the DNS zone. The IP address of the "
+"AD LDAP connection is used for the updates, if it is not otherwise specified "
+"by using the <quote>dyndns_iface</quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:899
+msgid "Default: 3600 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:915
+msgid ""
+"Default: Use the IP addresses of the interface which is used for AD LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:928
+msgid ""
+"How often should the back end perform periodic DNS update in addition to the "
+"automatic update performed when the back end goes online.  This option is "
+"optional and applicable only when dyndns_update is true. Note that the "
+"lowest possible value is 60 seconds in-case if value is provided less than "
+"60, parameter will assume lowest value only."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
+msgid "Default: True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1043
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This example shows only the AD provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:1050
+#, no-wrap
+msgid ""
+"[domain/EXAMPLE]\n"
+"id_provider = ad\n"
+"auth_provider = ad\n"
+"access_provider = ad\n"
+"chpass_provider = ad\n"
+"\n"
+"ad_server = dc1.example.com\n"
+"ad_hostname = client.example.com\n"
+"ad_domain = example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:1070
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_order = expire\n"
+"ldap_account_expire_policy = ad\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1066
+msgid ""
+"The AD access control provider checks if the account is expired.  It has the "
+"same effect as the following configuration of the LDAP provider: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1076
+msgid ""
+"However, unless the <quote>ad</quote> access control provider is explicitly "
+"configured, the default access provider is <quote>permit</quote>. Please "
+"note that if you configure an access provider other than <quote>ad</quote>, "
+"you need to set all the connection parameters (such as LDAP URIs and "
+"encryption details) manually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1084
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+msgid "sssd-sudo"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-sudo.5.xml:17
+msgid "Configuring sudo with the SSSD back end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:36
+msgid "Configuring sudo to cooperate with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:38
+msgid ""
+"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
+"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
+"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:47
+msgid ""
+"For example, to configure sudo to first lookup rules in the standard "
+"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> file (which should contain rules that apply to "
+"local users) and then in SSSD, the nsswitch.conf file should contain the "
+"following line:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:57
+#, no-wrap
+msgid "sudoers: files sss\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:61
+msgid ""
+"More information about configuring the sudoers search order from the "
+"nsswitch.conf file as well as information about the LDAP schema that is used "
+"to store sudo rules in the directory can be found in <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:82
+msgid "Configuring SSSD to fetch sudo rules"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
+msgid ""
+"The following example shows how to configure SSSD to download sudo rules "
+"from an LDAP server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:99
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"config_file_version = 2\n"
+"services = nss, pam, sudo\n"
+"domains = EXAMPLE\n"
+"\n"
+"[domain/EXAMPLE]\n"
+"id_provider = ldap\n"
+"sudo_provider = ldap\n"
+"ldap_uri = ldap://example.com\n"
+"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:98
+msgid ""
+"<placeholder type=\"programlisting\" id=\"0\"/> <phrase condition="
+"\"have_systemd\"> It's important to note that on platforms where systemd is "
+"supported there's no need to add the \"sudo\" provider to the list of "
+"services, as it became optional. However, sssd-sudo.socket must be enabled "
+"instead.  </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:118
+msgid ""
+"When SSSD is configured to use IPA as the ID provider, the sudo provider is "
+"automatically enabled. The sudo search base is configured to use the IPA "
+"native LDAP tree (cn=sudo,$SUFFIX).  If any other search base is defined in "
+"sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
+"$SUFFIX) is no longer required for IPA sudo functionality."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:128
+msgid "The SUDO rule caching mechanism"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:130
+msgid ""
+"The biggest challenge, when developing sudo support in SSSD, was to ensure "
+"that running sudo with SSSD as the data source provides the same user "
+"experience and is as fast as sudo but keeps providing the most current set "
+"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
+"of updates. They are referred to as full refresh, smart refresh and rules "
+"refresh."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:138
+msgid ""
+"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
+"new or were modified after the last update. Its primary goal is to keep the "
+"database growing by fetching only small increments that do not generate "
+"large amounts of network traffic."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:144
+msgid ""
+"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
+"in the cache and replaces them with all rules that are stored on the server. "
+"This is used to keep the cache consistent by removing every rule which was "
+"deleted from the server. However, full refresh may produce a lot of traffic "
+"and thus it should be run only occasionally depending on the size and "
+"stability of the sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:152
+msgid ""
+"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
+"more permission than defined. It is triggered each time the user runs sudo. "
+"Rules refresh will find all rules that apply to this user, check their "
+"expiration time and redownload them if expired.  In the case that any of "
+"these rules are missing on the server, the SSSD will do an out of band full "
+"refresh because more rules (that apply to other users) may have been deleted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:161
+msgid ""
+"If enabled, SSSD will store only rules that can be applied to this machine. "
+"This means rules that contain one of the following values in "
+"<emphasis>sudoHost</emphasis> attribute:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:168
+msgid "keyword ALL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:173
+msgid "wildcard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:178
+msgid "netgroup (in the form \"+netgroup\")"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:183
+msgid "hostname or fully qualified domain name of this machine"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:188
+msgid "one of the IP addresses of this machine"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:193
+msgid "one of the IP addresses of the network (in the form \"address/mask\")"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:199
+msgid ""
+"There are many configuration options that can be used to adjust the "
+"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
+msgid ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
+msgid ""
+"<command>SSSD</command> provides a set of daemons to manage access to remote "
+"directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:53
+msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:57
+msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:60
+msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:69
+msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:73
+msgid ""
+"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:76
+msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:85
+msgid "<option>-f</option>,<option>--debug-to-files</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:89
+msgid ""
+"Send the debug output to files instead of stderr. By default, the log files "
+"are stored in <filename>/var/log/sssd</filename> and there are separate log "
+"files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:94
+msgid ""
+"This option is deprecated. It is replaced by <option>--logger=files</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:101
+msgid "<option>--logger=</option><replaceable>value</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:105
+msgid ""
+"Location where SSSD will send log messages. This option overrides the value "
+"of the deprecated option <option>--debug-to-files</option>. The deprecated "
+"option will still work if the <option>--logger</option> is not used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:112
+msgid ""
+"<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
+"output."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:116
+msgid ""
+"<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
+"default, the log files are stored in <filename>/var/log/sssd</filename> and "
+"there are separate log files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:122
+msgid ""
+"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:132
+msgid "<option>-D</option>,<option>--daemon</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:136
+msgid "Become a daemon after starting up."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:142 sss_seed.8.xml:136
+msgid "<option>-i</option>,<option>--interactive</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:146
+msgid "Run in the foreground, don't become a daemon."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:152
+msgid "<option>-c</option>,<option>--config</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:156
+msgid ""
+"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
+"conf</filename>. For reference on the config file syntax and options, "
+"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:170
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:174
+msgid "Print version number and exit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:182
+msgid "Signals"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:185
+msgid "SIGTERM/SIGINT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:188
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then "
+"shut down the monitor."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:194
+msgid "SIGHUP"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:197
+msgid ""
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs "
+"like logrotate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:205
+msgid "SIGUSR1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:208
+msgid ""
+"Tells the SSSD to simulate offline operation for the duration of the "
+"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:217
+msgid "SIGUSR2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:220
+msgid ""
+"Tells the SSSD to go online immediately. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:232
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
+msgid "sss_obfuscate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_obfuscate.8.xml:16
+msgid "obfuscate a clear text password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_obfuscate.8.xml:21
+msgid ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:32
+msgid ""
+"<command>sss_obfuscate</command> converts a given password into human-"
+"unreadable format and places it into appropriate domain section of the SSSD "
+"config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:37
+msgid ""
+"The cleartext password is read from standard input or entered "
+"interactively.  The obfuscated password is put into "
+"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
+"<quote>ldap_default_authtok_type</quote> parameter is set to "
+"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more details on these parameters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:49
+msgid ""
+"Please note that obfuscating the password provides <emphasis>no real "
+"security benefit</emphasis> as it is still possible for an attacker to "
+"reverse-engineer the password back. Using better authentication mechanisms "
+"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
+"advised."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:63
+msgid "<option>-s</option>,<option>--stdin</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:67
+msgid "The password to obfuscate will be read from standard input."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
+#: sss_ssh_knownhostsproxy.1.xml:78
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:79
+msgid ""
+"The SSSD domain to use the password in. The default name is <quote>default</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:86
+msgid ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:91
+msgid "Read the config file specified by the positional parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:95
+msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_override.8.xml:10 sss_override.8.xml:15
+msgid "sss_override"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_override.8.xml:16
+msgid "create local overrides of user and group attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_override.8.xml:21
+msgid ""
+"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
+"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:32
+msgid ""
+"<command>sss_override</command> enables to create a client-side view and "
+"allows to change selected values of specific user and groups. This change "
+"takes effect only on local machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:37
+msgid ""
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect.  <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:50 sssctl.8.xml:41
+msgid "AVAILABLE COMMANDS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:52
+msgid ""
+"Argument <emphasis>NAME</emphasis> is the name of original object in all "
+"commands. It is not possible to override <emphasis>uid</emphasis> or "
+"<emphasis>gid</emphasis> to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:59
+msgid ""
+"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
+"optional> <optional><option>-g,--gid</option> GID</optional> "
+"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
+"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:80
+msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides.  If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
+msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:123
+msgid ""
+"Import user overrides from <emphasis>FILE</emphasis>.  Data format is "
+"similar to standard passwd file.  The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:131
+msgid ""
+"where original_name is original name of the user whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:140
+msgid "ckent:superman::::::"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:149
+msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:154
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>user-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:162
+msgid ""
+"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:177
+msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides.  If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
+msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:220
+msgid ""
+"Import group overrides from <emphasis>FILE</emphasis>.  Data format is "
+"similar to standard group file.  The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:225
+msgid "original_name:name:gid"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:228
+msgid ""
+"where original_name is original name of the group whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:237
+msgid "admins:administrators:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:240
+msgid "Domain Users:Users:501"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:246
+msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:251
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>group-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:261 sssctl.8.xml:50
+msgid "COMMON OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:263 sssctl.8.xml:52
+msgid "Those options are available with all commands."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:268 sssctl.8.xml:57
+msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
+msgid "sss_useradd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_useradd.8.xml:16
+msgid "create a new user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_useradd.8.xml:21
+msgid ""
+"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:32
+msgid ""
+"<command>sss_useradd</command> creates a new user account using the values "
+"specified on the command line plus the default values from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:43 sss_seed.8.xml:76
+msgid ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:48
+msgid ""
+"Set the UID of the user to the value of <replaceable>UID</replaceable>.  If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
+msgid ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
+msgid ""
+"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:72
+msgid ""
+"The home directory of the user account.  The default is to append the "
+"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
+"that as the home directory.  The base that is prepended before "
+"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
+"baseDirectory</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
+msgid ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:87
+msgid ""
+"The user's login shell. The default is currently <filename>/bin/bash</"
+"filename>.  The default can be changed with <quote>user_defaults/"
+"defaultShell</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:96
+msgid ""
+"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:101
+msgid "A list of existing groups this user is also a member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:107
+msgid "<option>-m</option>,<option>--create-home</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:111
+msgid ""
+"Create the user's home directory if it does not exist. The files and "
+"directories contained in the skeleton directory (which can be defined with "
+"the -k option or in the config file) will be copied to the home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:121
+msgid "<option>-M</option>,<option>--no-create-home</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:125
+msgid ""
+"Do not create the user's home directory. Overrides configuration settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:132
+msgid ""
+"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:137
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in "
+"the user's home directory, when the home directory is created by "
+"<command>sss_useradd</command>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:143
+msgid ""
+"Special files (block devices, character devices, named pipes and unix "
+"sockets) will not be copied."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:147
+msgid ""
+"This option is only valid if the <option>-m</option> (or <option>--create-"
+"home</option>) option is specified, or creation of home directories is set "
+"to TRUE in the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:156 sss_usermod.8.xml:124
+msgid ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:161
+msgid ""
+"The SELinux user for the user's login. If not specified, the system default "
+"will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
+msgid "sssd-krb5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Kerberos 5 "
+"authentication backend for <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  For a detailed "
+"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
+"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:36
+msgid ""
+"The Kerberos 5 authentication backend contains auth and chpass providers. It "
+"must be paired with an identity provider in order to function properly (for "
+"example, id_provider = ldap). Some information required by the Kerberos 5 "
+"authentication backend must be provided by the identity provider, such as "
+"the user's Kerberos Principal Name (UPN). The configuration of the identity "
+"provider should have an entry to specify the UPN. Please refer to the man "
+"page for the applicable identity provider for details on how to configure "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:47
+msgid ""
+"This backend also provides access control based on the .k5login file in the "
+"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
+"Please note that an empty .k5login file will deny all access to this user. "
+"To activate this feature, use 'access_provider = krb5' in your SSSD "
+"configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:55
+msgid ""
+"In the case where the UPN is not available in the identity backend, "
+"<command>sssd</command> will construct a UPN using the format "
+"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:77
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect, in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames.  If empty, service "
+"discovery is enabled; for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
+msgid ""
+"The name of the Kerberos realm. This option is required and must be "
+"specified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
+msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
+msgid ""
+"If the change password service is not running on the KDC, alternative "
+"servers can be defined here. An optional port number (preceded by a colon) "
+"may be appended to the addresses or hostnames."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
+msgid ""
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section.  NOTE: Even if there are no more kpasswd "
+"servers to try, the backend is not switched to operate offline if "
+"authentication against the KDC is still possible."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
+msgid "Default: Use the KDC"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
+msgid "krb5_ccachedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
+msgid ""
+"Directory to store credential caches. All the substitution sequences of "
+"krb5_ccname_template can be used here, too, except %d and %P.  The directory "
+"is created as private and owned by the user, with permissions set to 0700."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:145
+msgid "Default: /tmp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:151
+msgid "krb5_ccname_template (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:170
+msgid "login UID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:173
+msgid "%p"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:174
+msgid "principal name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:178
+msgid "%r"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:179
+msgid "realm name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:182
+msgid "%h"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
+msgid "home directory"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:193 include/override_homedir.xml:31
+msgid "%P"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:194
+msgid "the process ID of the SSSD client"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:49
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:50
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:154
+msgid ""
+"Location of the user's credential cache. Three credential cache types are "
+"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
+"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
+"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
+"implies the <quote>FILE</quote> type. In the template, the following "
+"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
+"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
+"filename in a safe way."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:208
+msgid ""
+"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
+"persistent:%U</quote>, which uses the Linux kernel keyring to store "
+"credentials on a per-UID basis. This is also the recommended choice, as it "
+"is the most secure and predictable method."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:216
+msgid ""
+"The default value for the credential cache name is sourced from the profile "
+"stored in the system wide krb5.conf configuration file in the [libdefaults] "
+"section. The option name is default_ccache_name.  See krb5.conf(5)'s "
+"PARAMETER EXPANSION paragraph for additional information on the expansion "
+"format defined by krb5.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:225
+msgid ""
+"NOTE: Please be aware that libkrb5 ccache expansion template from "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:234
+msgid "Default: (from libkrb5)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:240
+msgid "krb5_auth_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:243
+msgid ""
+"Timeout in seconds after an online authentication request or change password "
+"request is aborted. If possible, the authentication request is continued "
+"offline."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:254
+msgid "krb5_validate (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:257
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed. The keytab is checked for entries sequentially, and the first entry "
+"with a matching realm is used for validation. If no entry matches the realm, "
+"the last entry in the keytab is used. This process can be used to validate "
+"environments using cross-realm trust by placing the appropriate keytab entry "
+"as the last entry or the only entry in the keytab file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:272
+msgid "krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:275
+msgid ""
+"The location of the keytab to use when validating credentials obtained from "
+"KDCs."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:279
+msgid "Default: /etc/krb5.keytab"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:285
+msgid "krb5_store_password_if_offline (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:288
+msgid ""
+"Store the password of the user if the provider is offline and use it to "
+"request a TGT when the provider comes online again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:293
+msgid ""
+"NOTE: this feature is only available on Linux.  Passwords stored in this way "
+"are kept in plaintext in the kernel keyring and are potentially accessible "
+"by the root user (with difficulty)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:306
+msgid "krb5_renewable_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:309
+msgid ""
+"Request a renewable ticket with a total lifetime, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
+msgid "<emphasis>s</emphasis> for seconds"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388
+msgid "<emphasis>m</emphasis> for minutes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391
+msgid "<emphasis>h</emphasis> for hours"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394
+msgid "<emphasis>d</emphasis> for days."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397
+msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401
+msgid ""
+"NOTE: It is not possible to mix units.  To set the renewable lifetime to one "
+"and a half hours, use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:335
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:341
+msgid "krb5_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:344
+msgid ""
+"Request ticket with a lifetime, given as an integer immediately followed by "
+"a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:360
+msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:364
+msgid ""
+"NOTE: It is not possible to mix units.  To set the lifetime to one and a "
+"half hours please use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:369
+msgid ""
+"Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:376
+msgid "krb5_renew_interval (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:379
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:406
+msgid "If this option is not set or is 0 the automatic renewal is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:416
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:419
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
+"option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:428
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:433
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:438
+msgid "Default: not set, i.e. FAST is not used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:441
+msgid "NOTE: a keytab is required to use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:444
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:453
+msgid "krb5_fast_principal (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:456
+msgid "Specifies the server principal to use for FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:465
+msgid ""
+"Specifies if the host and user principal should be canonicalized. This "
+"feature is available with MIT Kerberos 1.7 and later versions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:505
+msgid "krb5_use_enterprise_principal (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:508
+msgid ""
+"Specifies if the user principal should be treated as enterprise principal. "
+"See section 5 of RFC 6806 for more details about enterprise principals."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:514
+msgid "Default: false (AD provider: true)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:517
+msgid ""
+"The IPA provider will set to option to 'true' if it detects that the server "
+"is capable of handling enterprise principals and the option is not set "
+"explicitly in the config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:526
+msgid "krb5_map_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:529
+msgid ""
+"The list of mappings is given as a comma-separated list of pairs "
+"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
+"name and <quote>primary</quote> is a user part of a kerberos principal. This "
+"mapping is used when user is authenticating using <quote>auth_provider = "
+"krb5</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-krb5.5.xml:541
+#, no-wrap
+msgid ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:546
+msgid ""
+"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
+"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
+"principals. For user <quote>joe</quote> resp.  <quote>dick</quote> SSSD will "
+"try to kinit as <quote>juser@REALM</quote> resp.  <quote>richard@REALM</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:65
+msgid ""
+"If the auth-module krb5 is used in an SSSD domain, the following options "
+"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
+"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
+"domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:572
+msgid ""
+"The following example assumes that SSSD is correctly configured and FOO is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
+"example shows only configuration of Kerberos authentication; it does not "
+"include any identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:580
+#, no-wrap
+msgid ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXAMPLE.COM\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
+msgid "sss_groupadd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupadd.8.xml:16
+msgid "create a new group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupadd.8.xml:21
+msgid ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:32
+msgid ""
+"<command>sss_groupadd</command> creates a new group. These groups are "
+"compatible with POSIX groups, with the additional feature that they can "
+"contain other groups as members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupadd.8.xml:43 sss_seed.8.xml:88
+msgid ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupadd.8.xml:48
+msgid ""
+"Set the GID of the group to the value of <replaceable>GID</replaceable>.  If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
+msgid "sss_userdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_userdel.8.xml:16
+msgid "delete a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_userdel.8.xml:21
+msgid ""
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:32
+msgid ""
+"<command>sss_userdel</command> deletes a user identified by login name "
+"<replaceable>LOGIN</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:44
+msgid "<option>-r</option>,<option>--remove</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:48
+msgid ""
+"Files in the user's home directory will be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:56
+msgid "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:60
+msgid ""
+"Files in the user's home directory will NOT be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:68
+msgid "<option>-f</option>,<option>--force</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:72
+msgid ""
+"This option forces <command>sss_userdel</command> to remove the user's home "
+"directory and mail spool, even if they are not owned by the specified user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:80
+msgid "<option>-k</option>,<option>--kick</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:84
+msgid "Before actually deleting the user, terminate all his processes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
+msgid "sss_groupdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupdel.8.xml:16
+msgid "delete a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupdel.8.xml:21
+msgid ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:32
+msgid ""
+"<command>sss_groupdel</command> deletes a group identified by its name "
+"<replaceable>GROUP</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
+msgid "sss_groupshow"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupshow.8.xml:16
+msgid "print properties of a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupshow.8.xml:21
+msgid ""
+"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:32
+msgid ""
+"<command>sss_groupshow</command> displays information about a group "
+"identified by its name <replaceable>GROUP</replaceable>. The information "
+"includes the group ID number, members of the group and the parent group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupshow.8.xml:43
+msgid "<option>-R</option>,<option>--recursive</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupshow.8.xml:47
+msgid ""
+"Also print indirect group members in a tree-like hierarchy.  Note that this "
+"also affects printing parent groups - without <option>R</option>, only the "
+"direct parent will be printed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
+msgid "sss_usermod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_usermod.8.xml:16
+msgid "modify a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_usermod.8.xml:21
+msgid ""
+"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:32
+msgid ""
+"<command>sss_usermod</command> modifies the account specified by "
+"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
+"on the command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:60
+msgid "The home directory of the user account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:71
+msgid "The user's login shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:82
+msgid ""
+"Append this user to groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
+"a comma separated list of group names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:96
+msgid ""
+"Remove this user from groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:103
+msgid "<option>-l</option>,<option>--lock</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:107
+msgid "Lock the user account. The user won't be able to log in."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:114
+msgid "<option>-u</option>,<option>--unlock</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:118
+msgid "Unlock the user account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:129
+msgid "The SELinux user for the user's login."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:135
+msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:140
+msgid "Add an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:147
+msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:152
+msgid ""
+"Set an attribute to a name/value pair. The format is attrname=value. For "
+"multi-valued attributes, the command replaces the values already present"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:160
+msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:165
+msgid "Delete an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online. Options that invalidate a single object only accept a "
+"single provided argument."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:43
+msgid "<option>-E</option>,<option>--everything</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate all cached entries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:58
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:68
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:80
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:90
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:102
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:112
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:124
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:134
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:146
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:156
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:163
+msgid ""
+"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:168
+msgid "Invalidate SSH public keys of a specific host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:174
+msgid "<option>-H</option>,<option>--ssh-hosts</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:178
+msgid ""
+"Invalidate SSH public keys of all hosts. This option overrides invalidation "
+"of SSH public keys of specific host if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:186
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:191
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:197
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:201
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:209
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:214
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "[DEPRECATED] change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_seed.8.xml:10 sss_seed.8.xml:15
+msgid "sss_seed"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_seed.8.xml:16
+msgid "seed the SSSD cache with a user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_seed.8.xml:21
+msgid ""
+"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
+"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:33
+msgid ""
+"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
+"temporary password. If a user entry is already present in the SSSD cache "
+"then the entry is updated with the temporary password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:46
+msgid ""
+"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:51
+msgid ""
+"Provide the name of the domain in which the user is a member of. The domain "
+"is also used to retrieve user information. The domain must be configured in "
+"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided.  "
+"Information retrieved from the domain overrides what is provided in the "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:63
+msgid ""
+"<option>-n</option>,<option>--username</option> <replaceable>USER</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:68
+msgid ""
+"The username of the entry to be created or modified in the cache. The "
+"<replaceable>USER</replaceable> option must be provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:81
+msgid "Set the UID of the user to <replaceable>UID</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:93
+msgid "Set the GID of the user to <replaceable>GID</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:117
+msgid ""
+"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:129
+msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:140
+msgid ""
+"Interactive mode for entering user information. This option will only prompt "
+"for information not provided in the options or retrieved from the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:148
+msgid ""
+"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:153
+msgid ""
+"Specify file to read user's password from. (if not specified password is "
+"prompted for)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:165
+msgid ""
+"The length of the password (or the size of file specified with -p or --"
+"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
+"on systems with no globally-defined PASS_MAX value)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:139
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup that overrides caller-supplied limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:144
+msgid "Default: 0 (let the caller set an upper limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refentryinfo>
+#: sss_rpcidmapd.5.xml:8
+msgid ""
+"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
+"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
+"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
+"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
+"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
+"author>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
+msgid "sss_rpcidmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_rpcidmapd.5.xml:33
+msgid "sss plugin configuration directives for rpc.idmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:37
+msgid "CONFIGURATION FILE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:39
+msgid ""
+"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd."
+"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:49
+msgid "SSS CONFIGURATION EXTENSION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:51
+msgid "Enable SSS plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:53
+msgid ""
+"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
+"attribute to contain <emphasis>sss</emphasis>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:59
+msgid "[sss] config section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:61
+msgid ""
+"In order to change the default of one of the configuration attributes of the "
+"<emphasis>sss</emphasis> plugin listed below you will need to create a "
+"config section for it, named <quote>[sss]</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sss_rpcidmapd.5.xml:67
+msgid "Configuration attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sss_rpcidmapd.5.xml:69
+msgid "memcache (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sss_rpcidmapd.5.xml:72
+msgid "Indicates whether or not to use memcache optimisation technique."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:85
+msgid "SSSD INTEGRATION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:87
+msgid ""
+"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
+"in sssd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:91
+msgid ""
+"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
+"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
+"wire)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_rpcidmapd.5.xml:103
+#, no-wrap
+msgid ""
+"[General]\n"
+"Verbosity = 2\n"
+"# domain must be synced between NFSv4 server and clients\n"
+"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:100
+msgid ""
+"The following example shows a minimal idmapd.conf which makes use of the sss "
+"plugin.  <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:122
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:59
+#, no-wrap
+msgid ""
+"  AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+"  AuthorizedKeysCommandUser nobody\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:52
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:132
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
+msgid "EXIT STATUS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
+msgid ""
+"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and establishes the connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:66
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:71
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host.  By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:83
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: idmap_sss.8.xml:10 idmap_sss.8.xml:15
+msgid "idmap_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: idmap_sss.8.xml:16
+msgid "SSSD's idmap_sss Backend for Winbind"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: idmap_sss.8.xml:22
+msgid ""
+"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. "
+"No database is required in this case as the mapping is done by SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: idmap_sss.8.xml:29
+msgid "IDMAP OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: idmap_sss.8.xml:33
+msgid "range = low - high"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: idmap_sss.8.xml:35
+msgid ""
+"Defines the available matching UID and GID range for which the backend is "
+"authoritative."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: idmap_sss.8.xml:45
+msgid ""
+"This example shows how to configure idmap_sss as the default mapping module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: idmap_sss.8.xml:50
+#, no-wrap
+msgid ""
+"[global]\n"
+"security = domain\n"
+"workgroup = MAIN\n"
+"\n"
+"idmap config * : backend        = sss\n"
+"idmap config * : range          = 200000-2147483647\n"
+"        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssctl.8.xml:10 sssctl.8.xml:15
+msgid "sssctl"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssctl.8.xml:16
+msgid "SSSD control and status utility"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssctl.8.xml:21
+msgid ""
+"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
+"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssctl.8.xml:32
+msgid ""
+"<command>sssctl</command> provides a simple and unified way to obtain "
+"information about SSSD status, such as active server, auto-discovered "
+"servers, domains and cached objects. In addition, it can manage SSSD data "
+"files for troubleshooting in such a way that is safe to manipulate while "
+"SSSD is running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssctl.8.xml:43
+msgid ""
+"To list all available commands run <command>sssctl</command> without any "
+"parameters. To print help for selected command run <command>sssctl COMMAND --"
+"help</command>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-files.5.xml:10 sssd-files.5.xml:16
+msgid "sssd-files"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-files.5.xml:17
+msgid "SSSD files provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:23
+msgid ""
+"This manual page describes the files provider for <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:36
+msgid ""
+"The files provider mirrors the content of the <citerefentry> "
+"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files "
+"provider is to make the users and groups traditionally only accessible with "
+"NSS interfaces also available through the SSSD interfaces such as "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: false"
+msgid "Default: /etc/passwd"
+msgstr "Standard: false"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: /etc/group"
+msgstr "Standard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:59
+msgid ""
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:105
+msgid ""
+"The following example assumes that SSSD is correctly configured and files is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-files.5.xml:111
+#, no-wrap
+msgid ""
+"[domain/files]\n"
+"id_provider = files\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
+msgid "sssd-secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-secrets.5.xml:17
+msgid "SSSD Secrets responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Secrets responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:36
+msgid ""
+"Many system and user applications need to store private information such as "
+"passwords or service keys and have no good way to properly deal with them. "
+"The simple approach is to embed these <quote>secrets</quote> into "
+"configuration files potentially ending up exposing sensitive key material to "
+"backups, config management system and in general making it harder to secure "
+"data."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:45
+msgid ""
+"The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
+"project was born to deal with this problem in cloud like environments, but "
+"we found the idea compelling even at a single system level. As a security "
+"service, SSSD is ideal to host this capability while offering the same API "
+"via a UNIX Socket. This will make it possible to use local calls and have "
+"them transparently routed to a local or a remote key management store like "
+"IPA Vault for storage, escrow and recovery."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:55
+msgid ""
+"The secrets are simple key-value pairs. Each user's secrets are namespaced "
+"using their user ID, which means the secrets will never collide between "
+"users. Secrets can be stored inside <quote>containers</quote> which can be "
+"nested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-secrets.5.xml:89
+msgid "USING THE SECRETS RESPONDER"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:91
+msgid ""
+"The UNIX socket the SSSD responder listens on is located at <filename>/var/"
+"run/secrets.socket</filename>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:110
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.service\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:95
+msgid ""
+"The secrets responder is socket-activated by <citerefentry> "
+"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry>.  Unlike other SSSD responders, it cannot be started by adding "
+"the <quote>secrets</quote> string to the <quote>service</quote> directive.  "
+"The systemd socket unit is called <quote>sssd-secrets.socket</quote> and the "
+"corresponding service file is called <quote>sssd-secrets.service</quote>. In "
+"order for the service to be socket-activated, make sure the socket is "
+"enabled and active and the service is enabled: <placeholder type="
+"\"programlisting\" id=\"0\"/> Please note your distribution may already "
+"configure the units for you."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:122
+msgid ""
+"The generic SSSD responder options such as <quote>debug_level</quote> or "
+"<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
+"to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for a complete list. In addition, "
+"there are some secrets-specific options as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:141
+msgid "provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:157
+msgid "local"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:160
+msgid ""
+"The secrets are stored in a local database, encrypted at rest with a master "
+"key. The local provider does not have any additional config options at the "
+"moment."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:168
+msgid "proxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:171
+msgid ""
+"The secrets responder forwards the requests to a Custodia server. The proxy "
+"provider supports several additional options (see below)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:144
+msgid ""
+"This option specifies where should the secrets be stored. The secrets "
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:180
+msgid "Default: local"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:192
+msgid "containers_nest_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:195
+msgid "This option specifies the maximum allowed number of nested containers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:199
+msgid "Default: 4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:204
+msgid "max_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
+msgid "max_payload_size (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:231
+msgid ""
+"This option specifies the maximum payload size allowed for a secret payload "
+"in kilobytes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
+msgid ""
+"The following options are only applicable for configurations that use the "
+"<quote>proxy</quote> provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:257
+msgid "proxy_url (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:260
+msgid ""
+"The URL the Custodia server is listening on. At the moment, http and https "
+"protocols are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:267
+msgid "http[s]://&lt;host&gt;[:port]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:270
+msgid "Example: http://localhost:8080"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:275
+msgid "auth_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:278
+msgid ""
+"The method to use when authenticating to a Custodia server. The following "
+"authentication methods are supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:283
+msgid "basic_auth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:286
+msgid ""
+"Authenticate with a username and a password as set in the <quote>username</"
+"quote> and <quote>password</quote> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:293
+msgid "header"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:296
+msgid ""
+"Authenticate with HTTP header value as defined in the "
+"<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
+"configuration options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:307
+msgid "auth_header_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:310
+msgid ""
+"If set, the secrets responder would put a header with this name into the "
+"HTTP request with the value defined in the <quote>auth_header_value</quote> "
+"configuration option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:315
+msgid "Example: MYSECRETNAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:320
+msgid "auth_header_value (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:323
+msgid ""
+"The value sssd-secrets would use for the <quote>auth_header_name</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:327
+msgid "Example: mysecret"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:332
+msgid "forward_headers (list of strings)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:335
+msgid ""
+"The list of HTTP headers to forward to the Custodia server together with the "
+"request."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:344
+msgid "verify_peer (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:347
+msgid ""
+"Whether peer's certificate should be verified and valid if HTTPS protocol is "
+"used with the proxy provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:356
+msgid "verify_host (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:359
+msgid ""
+"Whether peer's hostname must match with hostname in its certificate if HTTPS "
+"protocol is used with the proxy provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:369
+msgid "capath (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:372
+msgid ""
+"Path to directory containing stored certificate authority certificates. "
+"System default path is used if this option is not set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:382
+msgid "cacert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:385
+msgid ""
+"Path to file containing server's certificate authority certificate. If this "
+"option is not set then the CA's certificate is looked up in <quote>capath</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:395
+msgid "cert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:398
+msgid ""
+"Path to file containing client's certificate if required by the server. This "
+"file may also contain private key or the private key may be in separate file "
+"set with <quote>key</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:409
+msgid "key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:412
+msgid "Path to file containing client's private key."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-secrets.5.xml:422
+msgid "USING THE REST API"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:424
+msgid ""
+"This section lists the available commands and includes examples using the "
+"<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> utility.  All requests towards the proxy provider must set "
+"the Content Type header to <quote>application/json</quote>. In addition, the "
+"local provider also supports Content Type set to <quote>application/octet-"
+"stream</quote>.  Secrets stored with requests that set the Content Type "
+"header to <quote>application/octet-stream</quote> are base64-encoded when "
+"stored and decoded when retrieved, so it's not possible to store a secret "
+"with one Content Type and retrieve with another.  The secret URI must begin "
+"with <filename>/secrets/</filename>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:441
+msgid "Listing secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:444
+msgid ""
+"To list the available secrets, send a HTTP GET request with a trailing slash "
+"appended to the container path."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:450
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XGET http://localhost/secrets/\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:458
+msgid "Retrieving a secret"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:461
+msgid ""
+"To read a value of a single secret, send a HTTP GET request without a "
+"trailing slash. The last portion of the URI is the name of the secret."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:468
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XGET http://localhost/secrets/foo\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:473
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/octet-stream\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XGET http://localhost/secrets/bar\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:466
+msgid ""
+"Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
+"\"programlisting\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:481
+msgid "Setting a secret"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:484
+msgid ""
+"To set a secret using the <quote>application/json</quote> type, send a HTTP "
+"PUT request with a JSON payload that includes type and value. The type "
+"should be set to \"simple\" and the value should be set to the secret value. "
+"If a secret with that name already exists, the response is a 409 HTTP error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:492
+msgid ""
+"The <quote>application/json</quote> type just sends the secret as the "
+"message payload."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:501
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XPUT http://localhost/secrets/foo \\\n"
+"     -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:507
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/octet-stream\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XPUT http://localhost/secrets/bar \\\n"
+"     -d'barsecret'\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:496
+msgid ""
+"The following example sets a secret named 'foo' to a value of 'foosecret' "
+"and a secret named 'bar' to a value of 'barsecret' using a different Content "
+"Type.  <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
+"\"programlisting\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:516
+msgid "Creating a container"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:519
+msgid ""
+"Containers provide an additional namespace for this user's secrets. To "
+"create a container, send a HTTP POST request, whose URI ends with the "
+"container name. Please note the URI must end with a trailing slash."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:529
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XPOST http://localhost/secrets/mycontainer/\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:526
+msgid ""
+"The following example creates a container named 'mycontainer': <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:538
+#, no-wrap
+msgid ""
+"http://localhost/secrets/mycontainer/mysecret\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:535
+msgid ""
+"To manipulate secrets under this container, just nest the secrets underneath "
+"the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:544
+msgid "Deleting a secret or a container"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:547
+msgid ""
+"To delete a secret or a container, send a HTTP DELETE request with a path to "
+"the secret or the container."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:553
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XDELETE http://localhost/secrets/foo\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:551
+msgid ""
+"The following example deletes a secret named 'foo'.  <placeholder type="
+"\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-secrets.5.xml:563
+msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:565
+msgid ""
+"For testing the proxy provider, you need to set up a Custodia server to "
+"proxy requests to. Please always consult the Custodia documentation, the "
+"configuration directives might change with different Custodia versions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:576
+#, no-wrap
+msgid ""
+"[global]\n"
+"server_version = \"Secret/0.0.7\"\n"
+"server_url = http://localhost:8080/\n"
+"auditlog = /var/log/custodia.log\n"
+"debug = True\n"
+"\n"
+"[store:simple]\n"
+"handler = custodia.store.sqlite.SqliteStore\n"
+"dburi = /var/lib/custodia.db\n"
+"table = secrets\n"
+"\n"
+"[auth:header]\n"
+"handler = custodia.httpd.authenticators.SimpleHeaderAuth\n"
+"header = MYSECRETNAME\n"
+"value = mysecretkey\n"
+"\n"
+"[authz:paths]\n"
+"handler = custodia.httpd.authorizers.SimplePathAuthz\n"
+"paths = /secrets\n"
+"\n"
+"[/]\n"
+"handler = custodia.root.Root\n"
+"store = simple\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:570
+msgid ""
+"This configuration will set up a Custodia server listening on http://"
+"localhost:8080, allowing anyone with header named MYSECRETNAME set to "
+"mysecretkey to communicate with the Custodia server.  Place the contents "
+"into a file (for example, <replaceable>custodia.conf</replaceable>): "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:602
+msgid ""
+"Then run the <replaceable>custodia</replaceable> command, pointing it at the "
+"config file as a command line argument."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:606
+msgid ""
+"Please note that currently it's not possible to proxy all requests globally "
+"to a Custodia instance. Instead, per-user subsections for user IDs that "
+"should proxy requests to Custodia must be defined. The following example "
+"illustrates a configuration, where the user with UID 123 would proxy their "
+"requests to Custodia, but all other user's requests would be handled by a "
+"local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: sssd-secrets.5.xml:614
+#, no-wrap
+msgid ""
+"[secrets]\n"
+"\n"
+"[secrets/users/123]\n"
+"provider = proxy\n"
+"proxy_url = http://localhost:8080/secrets/\n"
+"auth_type = header\n"
+"auth_header_name = MYSECRETNAME\n"
+"auth_header_value = mysecretkey\n"
+"        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+msgid "sssd-kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-kcm.8.xml:17
+msgid "SSSD Kerberos Cache Manager"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:23
+msgid ""
+"This manual page describes the configuration of the SSSD Kerberos Cache "
+"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos "
+"credential caches. It originates in the Heimdal Kerberos project, although "
+"the MIT Kerberos library also provides client side (more details on that "
+"below) support for the KCM credential cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:31
+msgid ""
+"In a setup where Kerberos caches are managed by KCM, the Kerberos library "
+"(typically used through an application, like e.g., <citerefentry> "
+"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </"
+"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is "
+"being referred to as a <quote>\"KCM server\"</quote>. The client and server "
+"communicate over a UNIX socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:42
+msgid ""
+"The KCM server keeps track of each credential caches's owner and performs "
+"access check control based on the UID and GID of the KCM client. The root "
+"user has access to all credential caches."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:47
+msgid "The KCM credential cache has several interesting properties:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-kcm.8.xml:51
+msgid ""
+"since the process runs in userspace, it is subject to UID namespacing, "
+"unlike the kernel keyring"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-kcm.8.xml:56
+msgid ""
+"unlike the kernel keyring-based cache, which is shared between all "
+"containers, the KCM server is a separate process whose entry point is a UNIX "
+"socket"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-kcm.8.xml:61
+msgid ""
+"the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
+"<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry> secrets store, allowing the ccaches to survive KCM server "
+"restarts or machine reboots."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:69
+msgid ""
+"This allows the system to use a collection-aware credential cache, yet share "
+"the credential cache between some or no containers by bind-mounting the "
+"socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-kcm.8.xml:76
+msgid "USING THE KCM CREDENTIAL CACHE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:86
+#, no-wrap
+msgid ""
+"[libdefaults]\n"
+"    default_ccache_name = KCM:\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:78
+msgid ""
+"In order to use KCM credential cache, it must be selected as the default "
+"credential type in <citerefentry> <refentrytitle>krb5.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials "
+"cache name must be only <quote>KCM:</quote> without any template "
+"expansions.  For example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:91
+msgid ""
+"Next, make sure the Kerberos client libraries and the KCM server must agree "
+"on the UNIX socket path. By default, both use the same path <replaceable>/"
+"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos "
+"library, change its <quote>kcm_socket</quote> option which is described in "
+"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:113
+#, no-wrap
+msgid ""
+"systemctl start sssd-kcm.socket\n"
+"systemctl enable sssd-kcm.socket\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:102
+msgid ""
+"Finally, make sure the SSSD KCM server can be contacted.  The KCM service is "
+"typically socket-activated by <citerefentry> <refentrytitle>systemd</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>.  Unlike other SSSD "
+"services, it cannot be started by adding the <quote>kcm</quote> string to "
+"the <quote>service</quote> directive.  <placeholder type=\"programlisting\" "
+"id=\"0\"/> Please note your distribution may already configure the units for "
+"you."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-kcm.8.xml:122
+msgid "THE CREDENTIAL CACHE STORAGE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:124
+msgid ""
+"The credential caches are stored in the SSSD secrets service (see "
+"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry> for more details). Therefore it is important that "
+"also the sssd-secrets service is enabled and its socket is started: "
+"<placeholder type=\"programlisting\" id=\"0\"/> Your distribution should "
+"already set the dependencies between the services."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:141
+msgid ""
+"The KCM service is configured in the <quote>kcm</quote> section of the sssd."
+"conf file. Please note that currently, is it not sufficient to restart the "
+"sssd-kcm service, because the sssd configuration is only parsed and read to "
+"an internal configuration database by the sssd service. Therefore you must "
+"restart the sssd service if you change anything in the <quote>kcm</quote> "
+"section of sssd.conf.  For a detailed syntax reference, refer to the "
+"<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:155
+msgid ""
+"The generic SSSD service options such as <quote>debug_level</quote> or "
+"<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
+"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for a complete list. In addition, "
+"there are some KCM-specific options as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-kcm.8.xml:166
+msgid "socket_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:169
+msgid "The socket the KCM service will listen on."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:172
+msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:182
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/service_discovery.xml:2
+msgid "SERVICE DISCOVERY"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/service_discovery.xml:4
+msgid ""
+"The service discovery feature allows back ends to automatically find the "
+"appropriate servers to connect to using a special DNS query. This feature is "
+"not supported for backup servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
+msgid "Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:11
+msgid ""
+"If no servers are specified, the back end automatically uses service "
+"discovery to try to find a server. Optionally, the user may choose to use "
+"both fixed server addresses and service discovery by inserting a special "
+"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
+"preference is maintained. This feature is useful if, for example, the user "
+"prefers to use service discovery whenever possible, and fall back to a "
+"specific server when no servers can be discovered using DNS."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:23
+msgid "The domain name"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:25
+msgid ""
+"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:35
+msgid "The protocol"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
+msgid ""
+"For more information on the service discovery mechanism, refer to RFC 2782."
+msgstr ""
+
+#. type: Content of: <refentryinfo>
+#: include/upstream.xml:2
+msgid ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
+"io/SSSD/sssd/</orgname>"
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/failover.xml:2
+msgid "FAILOVER"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/failover.xml:4
+msgid ""
+"The failover feature allows back ends to automatically switch to a different "
+"server if the current server fails."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:8
+msgid "Failover Syntax"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:10
+msgid ""
+"The list of servers is given as a comma-separated list; any number of spaces "
+"is allowed around the comma. The servers are listed in order of preference. "
+"The list can contain any number of servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:16
+msgid ""
+"For each failover-enabled config option, two variants exist: "
+"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>.  The idea is "
+"that servers in the primary list are preferred and backup servers are only "
+"searched if no primary servers can be reached. If a backup server is "
+"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
+"periodically try to reconnect to one of the primary servers. If it succeeds, "
+"it will replace the current active (backup) server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:27
+msgid "The Failover Mechanism"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:29
+msgid ""
+"The failover mechanism distinguishes between a machine and a service. The "
+"back end first tries to resolve the hostname of a given machine; if this "
+"resolution attempt fails, the machine is considered offline. No further "
+"attempts are made to connect to this machine for any other service. If the "
+"resolution attempt succeeds, the back end tries to connect to a service on "
+"this machine. If the service connection attempt fails, then only this "
+"particular service is considered offline and the back end automatically "
+"switches over to the next service.  The machine is still considered online "
+"and might still be tried for another service."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:42
+msgid ""
+"Further connection attempts are made to machines or services marked as "
+"offline after a specified period of time; this is currently hard coded to 30 "
+"seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:47
+msgid ""
+"If there are no more machines to try, the back end as a whole switches to "
+"offline mode, and then attempts to reconnect every 30 seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:59
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:61
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:67
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:73
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:80
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:86
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:101
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:106
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:111
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 200,000 and going up to "
+"2,000,200,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:117
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:120
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:123
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:127
+msgid ""
+"NOTE: This option is different from <quote>min_id</quote> in that "
+"<quote>min_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>min_id</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
+msgid "Default: 200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:142
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:145
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:149
+msgid ""
+"NOTE: This option is different from <quote>max_id</quote> in that "
+"<quote>max_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>max_id</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:159
+msgid "Default: 2000200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:164
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:167
+msgid ""
+"Specifies the number of IDs available for each slice.  If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:186
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:196
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:199
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:210
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:213
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:221
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:224
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:229
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:234
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:273
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:275
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:281
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:284
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:285
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:286
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:287
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:288
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:289
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:291
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:295
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names can be used to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help.xml:3
+msgid "<option>-?</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/param_help.xml:7 include/param_help_py.xml:7
+msgid "Display help message and exit."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help_py.xml:3
+msgid "<option>-h</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3
+msgid ""
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:10
+msgid ""
+"Please note that each SSSD service logs into its own log file. Also please "
+"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
+"section only enables debugging just for the sssd process itself, not for the "
+"responder or provider processes. The <quote>debug_level</quote> parameter "
+"should be added to all sections that you wish to produce debug logs from."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:18
+msgid ""
+"In addition to changing the log level in the config file using the "
+"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD "
+"restart, it is also possible to change the debug level on the fly using the "
+"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry> tool."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13
+msgid ""
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
+msgid ""
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill SSSD, but one that indicates that at least one major "
+"feature is not going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
+msgid ""
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31
+msgid ""
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48
+msgid ""
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53
+msgid ""
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:81 include/debug_levels_tools.xml:62
+msgid ""
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:85 include/debug_levels_tools.xml:66
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:89 include/debug_levels_tools.xml:70
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:94 include/debug_levels_tools.xml:75
+msgid ""
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:98 include/debug_levels_tools.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use https://pagure.io/"
+"SSSD/sssd/ to report any issues.  </emphasis>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/seealso.xml:4
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
+"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
+"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:3
+msgid ""
+"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
+"for this attribute type."
+msgstr ""
+
+#. type: Content of: <listitem><para><programlisting>
+#: include/ldap_search_bases.xml:9
+#, no-wrap
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:7
+msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:13
+msgid ""
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:23
+msgid ""
+"For examples of this syntax, please refer to the <quote>ldap_search_base</"
+"quote> examples section."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:31
+msgid ""
+"Please note that specifying scope or filter is not supported for searches "
+"against an Active Directory Server that might yield a large number of "
+"results and trigger the Range Retrieval extension in the response."
+msgstr ""
+
+#. type: Content of: <para>
+#: include/autofs_restart.xml:2
+msgid ""
+"Please note that the automounter only reads the master map on startup, so if "
+"any autofs-related changes are made to the sssd.conf, you typically also "
+"need to restart the automounter daemon after restarting the SSSD."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/override_homedir.xml:2
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:16
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:20
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:23
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:24
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:27
+msgid "%l"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:28
+msgid "The first letter of the login name."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:32
+msgid "UPN - User Principal Name (name@REALM)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:35
+msgid "%o"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:37
+msgid "The original home directory retrieved from the identity provider."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:42
+msgid "%H"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:44
+msgid "The value of configure option <emphasis>homedir_substring</emphasis>."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:5
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><programlisting>
+#: include/override_homedir.xml:61
+#, no-wrap
+msgid ""
+"override_homedir = /home/%u\n"
+"        "
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:65
+msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/homedir_substring.xml:2
+msgid "homedir_substring (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:5
+msgid ""
+"The value of this option will be used in the expansion of the "
+"<emphasis>override_homedir</emphasis> option if the template contains the "
+"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
+"contain this template so that this option can be used to expand the home "
+"directory path for each client machine (or operating system). It can be set "
+"per-domain or globally in the [nss] section. A value specified in a domain "
+"section will override one set in the [nss] section."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:15
+msgid "Default: /home"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
+msgid "MODIFIED DEFAULT OPTIONS"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ad_modified_defaults.xml:4
+msgid ""
+"Certain option defaults do not match their respective backend provider "
+"defaults, these option names and AD provider-specific defaults are listed "
+"below:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
+msgid "KRB5 Provider"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
+msgid "krb5_validate = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:18
+msgid "krb5_use_enterprise_principal = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ad_modified_defaults.xml:24
+msgid "LDAP Provider"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:28
+msgid "ldap_schema = ad"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
+msgid "ldap_force_upper_case_realm = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:38
+msgid "ldap_id_mapping = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:43
+msgid "ldap_sasl_mech = gssapi"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:48
+msgid "ldap_referrals = false"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:53
+msgid "ldap_account_expire_policy = ad"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
+msgid "ldap_use_tokengroups = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ipa_modified_defaults.xml:4
+msgid ""
+"Certain option defaults do not match their respective backend provider "
+"defaults, these option names and IPA provider-specific defaults are listed "
+"below:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:18
+msgid "krb5_use_fast = try"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:23
+msgid "krb5_canonicalize = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ipa_modified_defaults.xml:29
+msgid "LDAP Provider - General"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:33
+msgid "ldap_schema = ipa_v1"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:43
+msgid "ldap_sasl_mech = GSSAPI"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:48
+msgid "ldap_sasl_minssf = 56"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:53
+msgid "ldap_account_expire_policy = ipa"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ipa_modified_defaults.xml:64
+msgid "LDAP Provider - User options"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:68
+msgid "ldap_user_member_of = memberOf"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:73
+msgid "ldap_user_uuid = ipaUniqueID"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:78
+msgid "ldap_user_ssh_public_key = ipaSshPubKey"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:83
+msgid "ldap_user_auth_type = ipaUserAuthType"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ipa_modified_defaults.xml:89
+msgid "LDAP Provider - Group options"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:93
+msgid "ldap_group_object_class = ipaUserGroup"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:98
+msgid "ldap_group_object_class_alt = posixGroup"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:103
+msgid "ldap_group_member = member"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:108
+msgid "ldap_group_uuid = ipaUniqueID"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:113
+msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:118
+msgid "ldap_group_external_member = ipaExternalMember"
+msgstr ""
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index 3c83f81..3db996b 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -5,10 +5,10 @@
 # Translators:
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-15 12:10-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-15 12:10+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
 "tg/)\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -88,7 +88,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "ИМКОНОТҲО"
@@ -184,7 +184,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -292,11 +292,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Пешфарз: true"
 
@@ -313,8 +314,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -348,7 +349,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Пешфарз: 10"
@@ -364,7 +365,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -412,19 +413,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Пешфарз: 3"
 
@@ -444,7 +445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -464,12 +465,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -477,39 +478,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -633,9 +634,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -813,21 +814,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -843,12 +845,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -857,22 +859,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -882,17 +884,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -902,18 +904,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -921,24 +923,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -946,12 +948,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -963,58 +965,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Пешфарз: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1022,7 +1024,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1032,7 +1034,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1041,17 +1043,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "Пешфарз: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1059,34 +1061,37 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Пешфарз: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Пешфарз: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 5400"
+msgid "Default: 14400 (4 hours)"
+msgstr "Пешфарз: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1095,7 +1100,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1104,41 +1109,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "Пешфарз: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1146,23 +1151,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1170,47 +1175,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1218,112 +1223,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "Пешфарз: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1334,96 +1339,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "Пешфарз: 0 (Номаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1431,59 +1436,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "Пешфарз: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Пешфарз: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1492,61 +1497,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1554,7 +1559,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1563,17 +1568,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1581,26 +1586,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Пешфарз: 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1610,74 +1620,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1685,19 +1695,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1705,12 +1715,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1718,58 +1728,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Пешфарз: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1780,24 +1814,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1807,22 +1841,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1830,68 +1864,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1902,7 +1945,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1913,24 +1956,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1938,12 +1981,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1952,24 +1995,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1979,68 +2022,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "Пешфарз: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2048,17 +2089,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2066,7 +2107,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2074,22 +2115,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2098,14 +2139,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2114,38 +2155,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2154,24 +2195,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2180,29 +2221,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "Пешфарз: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2216,14 +2257,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2232,39 +2273,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2273,19 +2314,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2296,151 +2337,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "Пешфарз: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2448,24 +2489,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2474,17 +2515,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Пешфарз: 0 (номаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2493,33 +2534,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2527,8 +2577,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2537,8 +2587,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2546,19 +2596,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2567,7 +2617,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2575,22 +2625,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2602,7 +2652,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2610,19 +2660,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2630,7 +2680,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2638,30 +2688,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2669,19 +2724,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2690,7 +2745,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2698,29 +2753,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2728,7 +2783,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2736,35 +2791,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2772,32 +2827,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2808,7 +2863,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2817,12 +2872,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2830,7 +2885,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2838,31 +2893,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2870,7 +2925,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2879,17 +2934,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2897,43 +2952,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2941,7 +2996,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2949,7 +3004,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2957,24 +3012,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2982,12 +3037,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2997,7 +3052,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3006,29 +3061,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3036,7 +3091,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3044,66 +3099,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3112,77 +3167,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Пешфарз: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3190,7 +3245,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3198,17 +3253,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3216,34 +3271,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3251,32 +3306,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3286,34 +3341,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3321,12 +3376,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3334,26 +3389,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3361,7 +3416,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3370,7 +3425,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3378,29 +3433,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3408,12 +3463,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3422,12 +3477,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3435,19 +3490,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3464,7 +3519,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3472,17 +3527,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3491,7 +3546,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3501,7 +3556,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3521,12 +3576,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3534,73 +3589,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "Пешфарз: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3608,17 +3663,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3627,17 +3682,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3645,17 +3700,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3663,17 +3718,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3684,64 +3739,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3771,7 +3826,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3780,7 +3835,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3788,7 +3843,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3836,7 +3891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3937,7 +3992,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "Намунаҳо:"
@@ -4763,10 +4818,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: rhost"
-msgstr "Пешфарз: root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5152,10 +5205,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: fqdn"
-msgstr "Пешфарз: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
@@ -5164,10 +5215,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: root"
 msgid "Default: serverHostname"
-msgstr "Пешфарз: root"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
@@ -5757,7 +5806,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6829,8 +6878,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "НАМУНА"
 
@@ -6857,8 +6906,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6893,7 +6942,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ЭЗОҲҲО"
 
@@ -7304,7 +7353,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7401,23 +7450,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7429,12 +7479,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7442,7 +7492,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7455,172 +7505,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7628,62 +7678,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7691,17 +7741,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7710,145 +7760,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7856,7 +7906,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7868,7 +7918,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7877,7 +7927,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7887,12 +7937,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7900,40 +7950,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7941,19 +7991,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7963,17 +8013,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7981,19 +8031,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8001,19 +8051,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8021,12 +8071,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8034,19 +8084,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8054,116 +8104,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8173,12 +8223,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8299,7 +8349,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8314,7 +8364,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8329,12 +8379,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8355,12 +8405,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8384,17 +8434,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8402,7 +8452,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8412,7 +8462,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8429,7 +8479,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8442,12 +8492,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8466,50 +8516,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8620,26 +8670,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8658,7 +8708,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -8676,10 +8726,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 0 (unlimited)"
 msgid "Default: 60 (minutes)"
-msgstr "Пешфарз: 0 (номаҳдуд)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -9080,11 +9128,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9092,38 +9142,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9131,7 +9181,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9139,7 +9189,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9147,19 +9197,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9167,26 +9217,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9194,19 +9244,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9217,12 +9267,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9231,7 +9281,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9240,7 +9290,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9249,14 +9299,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9269,7 +9319,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9278,7 +9328,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9296,24 +9346,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9322,7 +9372,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9331,12 +9381,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9346,14 +9396,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9361,7 +9411,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9374,23 +9424,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9398,22 +9448,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9421,12 +9471,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9434,14 +9484,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9449,7 +9499,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9461,78 +9511,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9540,7 +9590,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9548,7 +9598,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9556,7 +9606,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9568,22 +9618,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9591,7 +9641,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9599,7 +9649,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9607,7 +9657,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9619,22 +9669,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9642,14 +9692,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9657,7 +9707,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9669,17 +9719,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9687,14 +9737,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9702,7 +9752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9713,19 +9763,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9733,7 +9783,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9745,39 +9795,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9785,12 +9835,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9803,57 +9853,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9861,17 +9911,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9881,12 +9931,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9897,19 +9947,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9919,12 +9969,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9932,7 +9982,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9947,7 +9997,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9956,7 +10006,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9964,7 +10014,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9974,15 +10024,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10491,7 +10541,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12508,19 +12558,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12721,25 +12851,65 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: password"
+msgid "Default: /etc/passwd"
+msgstr "Пешфарз: парол"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: /etc/group"
+msgstr "Пешфарз: true"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13508,7 +13678,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -14359,7 +14529,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15197,6 +15367,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 5daf2d5..cef8b51 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -8,12 +8,13 @@
 # Yuri Chornoivan <yurchor@ukr.net>, 2013
 # Yuri Chornoivan <yurchor@ukr.net>, 2015. #zanata
 # Yuri Chornoivan <yurchor@ukr.net>, 2017. #zanata
+# Yuri Chornoivan <yurchor@ukr.net>, 2018. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2017-07-31 03:21-0400\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2018-03-09 11:48+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
 "uk/)\n"
@@ -23,7 +24,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -99,7 +100,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "ПАРАМЕТРИ"
@@ -214,8 +215,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
+#, fuzzy
+#| msgid ""
+#| "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+#| "(<quote>;</quote>).  Inline comments are not supported."
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 "Рядок коментаря починається з символу решітки (<quote>#</quote>) або крапки "
@@ -358,11 +363,12 @@ msgstr ""
 "проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Типове значення: true"
 
@@ -382,8 +388,8 @@ msgstr ""
 "journald, цей параметр буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -421,7 +427,7 @@ msgstr ""
 "самостійно."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Типове значення: 10"
@@ -437,7 +443,7 @@ msgid "The [sssd] section"
 msgstr "Розділ [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr "Параметри розділу"
 
@@ -462,12 +468,6 @@ msgstr "services"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:205
-#, fuzzy
-#| msgid ""
-#| "Comma separated list of services that are started when sssd itself "
-#| "starts.  <phrase condition=\"have_systemd\"> The services' list is "
-#| "optional on platforms where systemd is supported, as they will either be "
-#| "socket or dbus activated when needed.  </phrase>"
 msgid ""
 "Comma separated list of services that are started when sssd itself starts.  "
 "<phrase condition=\"have_systemd\"> The services' list is optional on "
@@ -504,12 +504,12 @@ msgstr ""
 "\"systemctl enable sssd-@service@.socket\".  </phrase>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -519,7 +519,7 @@ msgstr ""
 "визнання подальших спроб безнадійними."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "Типове значення: 3"
 
@@ -545,7 +545,7 @@ msgstr ""
 "ASCII, дефісів, крапок та знаків підкреслювання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr "re_expression (рядок)"
 
@@ -571,12 +571,12 @@ msgstr ""
 "ДОМЕНІВ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr "full_name_format (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -588,32 +588,32 @@ msgstr ""
 "домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr "ім’я користувача"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -622,7 +622,7 @@ msgstr ""
 "Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -789,9 +789,9 @@ msgstr ""
 "use_fully_qualified_names рівним False."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -1009,23 +1009,51 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:563
+#, fuzzy
+#| msgid ""
+#| "Please, note that when this option is set the output format of all "
+#| "commands is always fully-qualified even when using short names for "
+#| "input.  In case the administrator wants the output not fully-qualified, "
+#| "the full_name_format option can be used as shown below: "
+#| "<quote>full_name_format=%1$s</quote> However, keep in mind that during "
+#| "login, login applications often canonicalize the username by calling "
+#| "<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+#| "manvolnum> </citerefentry> which, if a shortname is returned for a "
+#| "qualified input (while trying to reach a user which exists in multiple "
+#| "domains) might re-route the login attempt into the domain which users "
+#| "shortnames, making this workaround totally not recommended in cases where "
+#| "usernames may overlap between domains."
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+"Будь ласка, зауважте, що якщо встановлено цей параметр, для виведення даних "
+"усіма командами використовуватиметься повний формат, навіть якщо у вхідних "
+"даних були скорочені назви. Якщо адміністратору потрібні скорочені дані у "
+"виведенні, параметр full_name_format можна використати так: "
+"<quote>full_name_format=%1$s</quote> Втім, слід пам'ятати, що під час входу "
+"до облікового запису програми часто перетворюють ім'я користувача до "
+"канонічної форми, викликаючи програму <citerefentry> "
+"<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> </"
+"citerefentry>, яка, якщо повернуто скорочену назву для повних вхідних даних "
+"(під час спроби обробки даних користувача, запис якого існує у декількох "
+"доменах) може переспрямувати спробу входу до домену, де використовуються "
+"скорочені назви, і знівелює цей обхідний маневр, якщо імена користувачів у "
+"різних доменах можуть бути однаковими."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr "Типове значення: не встановлено"
 
@@ -1046,12 +1074,12 @@ msgstr ""
 "профілів.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "РОЗДІЛИ СЛУЖБ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -1064,22 +1092,22 @@ msgstr ""
 "у розділі <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "Загальні параметри налаштування служб"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1095,17 +1123,17 @@ msgstr ""
 "цього параметра і обмеженням \"hard\" у  limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1121,18 +1149,18 @@ msgstr ""
 "до 10 секунд."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr "Типове значення: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1144,12 +1172,12 @@ msgstr ""
 "значення вказується у секундах і обчислюється за такою формулою:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr "час_очікування_для_переходу_у_автономний_режим + випадковий_зсув"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
@@ -1159,12 +1187,12 @@ msgstr ""
 "таким чином:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr "новий_інтервал = старий_інтервал*2 + випадковий_зсув"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1175,21 +1203,12 @@ msgstr ""
 "перевищує годину, буде встановлено інтервал у одну годину."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr "responder_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
-#, fuzzy
-#| msgid ""
-#| "This option specifies the number of seconds that an SSSD responder "
-#| "process can be up without being used. This value is limited in order to "
-#| "avoid resource exhaustion on the system.  The minimum acceptable value "
-#| "for this option is 60 seconds.  Setting this option to 0 (zero) means "
-#| "that no timeout will be set up to the responder.  This option only has "
-#| "effect when SSSD is built with systemd support and when services are "
-#| "either socket or dbus activated."
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1208,18 +1227,18 @@ msgstr ""
 "і якщо служби активуються за допомогою або сокетів або D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Типове значення: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr "cache_first"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
@@ -1228,12 +1247,12 @@ msgstr ""
 "запису до модулів засобів надання даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr "Параметри налаштування NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1241,12 +1260,12 @@ msgstr ""
 "Switch (NSS або перемикання служби визначення назв)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1255,17 +1274,17 @@ msgstr ""
 "кеші nss_sss у секундах"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr "Типове значення: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1276,7 +1295,7 @@ msgstr ""
 "entry_cache_timeout для домену період часу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1291,7 +1310,7 @@ msgstr ""
 "розблокування після оновлення кешу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1305,17 +1324,17 @@ msgstr ""
 "можливість."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr "Типове значення: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1326,37 +1345,44 @@ msgstr ""
 "даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr "Типове значення: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr "local_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should keep local users and groups "
+#| "in negative cache before trying to look it up in the back end again."
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 "Визначає кількість секунд, протягом яких nss_sss має зберігати негативні "
 "результати пошуку у кеші користувачів і груп, перші ніж намагатися знову "
 "шукати їх за допомогою модуля надання даних."
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Типове значення: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 14400 (4 hours)"
+msgstr "Типове значення: 86400 (24 години)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1370,7 +1396,7 @@ msgstr ""
 "обмеження списку користувачами лише з певного домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1384,17 +1410,17 @@ msgstr ""
 "відфільтрованої групи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr "Типове значення: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1402,12 +1428,12 @@ msgstr ""
 "встановіть для цього параметра значення «false»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1416,7 +1442,7 @@ msgstr ""
 "каталог не вказано явним чином засобом надання даних домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1424,7 +1450,7 @@ msgstr ""
 "для параметра override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1434,25 +1460,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Типове значення: не встановлено (без замін для невстановлених домашніх "
 "каталогів)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr "override_shell (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1464,19 +1490,19 @@ msgstr ""
 "або для кожного з доменів окремо."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Типове значення: не встановлено (SSSD використовуватиме значення, отримане "
 "від LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1484,13 +1510,13 @@ msgstr ""
 "визначення оболонки є таким:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1500,7 +1526,7 @@ msgstr ""
 "shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1509,14 +1535,14 @@ msgstr ""
 "<quote>/etc/shells</quote>, буде використано оболонку nologin."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 "Для визначення будь-якої командної оболонки можна скористатися шаблоном "
 "заміни (*)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1528,12 +1554,12 @@ msgstr ""
 "справою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Порожній рядок оболонки буде передано без обробки до libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1542,29 +1568,29 @@ msgstr ""
 "тобто у разі встановлення нової оболонки слід перезапустити SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Типове значення: не встановлено. Автоматично використовується оболонка "
 "користувача."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Замінити всі записи цих оболонок на shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1572,17 +1598,17 @@ msgstr ""
 "системі не встановлено."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr "Типове значення: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1592,7 +1618,7 @@ msgstr ""
 "або на загальному рівні у розділі [nss], або окремо для кожного з доменів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1602,12 +1628,12 @@ msgstr ""
 "зазвичай /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1616,32 +1642,31 @@ msgstr ""
 "чинним."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
-#, fuzzy
-#| msgid ""
-#| "Specifies time in seconds for which records in the in-memory cache will "
-#| "be valid."
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 "Визначає час у секундах, протягом якого список піддоменів вважатиметься "
-"чинним."
+"чинним. Встановлення для цього параметра нульового значення вимикає кеш у "
+"пам'яті."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
+"Попередження: вимикання кешу у пам'яті значно погіршить швидкодію SSSD, ним "
+"варто користуватися лише для тестування."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
@@ -1651,12 +1676,12 @@ msgstr ""
 "пам’яті."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1673,7 +1698,7 @@ msgstr ""
 "manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
@@ -1682,19 +1707,19 @@ msgstr ""
 "на те, чи не встановлено його для відповідача NSS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 "Типове значення: не встановлено, резервне значення визначається за "
 "параметром InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr "pwfield (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
@@ -1703,13 +1728,13 @@ msgstr ""
 "груп, для поля <quote>password</quote>."
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 "Значення цього параметра можна встановлювати для кожного з доменів окремо."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
@@ -1718,12 +1743,12 @@ msgstr ""
 "(файловий домен)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr "Параметри налаштування PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1732,12 +1757,12 @@ msgstr ""
 "Authentication Module (PAM або блокового модуля розпізнавання)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1747,17 +1772,17 @@ msgstr ""
 "входу до системи)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr "Типове значення: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1766,12 +1791,12 @@ msgstr ""
 "дозволену кількість спроб входу з визначенням помилкового пароля."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1781,7 +1806,7 @@ msgstr ""
 "системи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1793,17 +1818,17 @@ msgstr ""
 "увімкнути можливість автономного розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr "Типове значення: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1812,49 +1837,43 @@ msgstr ""
 "розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr "У поточній версії sssd передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Типове значення: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr "pam_response_filter (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
-#, fuzzy
-#| msgid ""
-#| "A comma separated list of strings which allows to remove (filter) data "
-#| "send by the PAM responder to pam_sss PAM module. There are different kind "
-#| "of responses send to pam_sss e.g. messages displayed to the user or "
-#| "environment variables which should be set by pam_sss."
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1868,7 +1887,7 @@ msgstr ""
 "встановлювати за допомогою pam_sss."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
@@ -1878,43 +1897,37 @@ msgstr ""
 "повідомлень."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr "ENV"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-#, fuzzy
-#| msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr "Не надсилати жодних змінних середовища до жодної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr "ENV:назва_змінної"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
-#, fuzzy
-#| msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr "Не надсилати змінної середовища назва_змінної до жодної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr "ENV:назва_змінної:служба"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
-#, fuzzy
-#| msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr "Не надсилати змінної середовища назва_змінної до вказаної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
@@ -1923,17 +1936,17 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr "Приклад: ENV:KRB5CCNAME:sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1944,7 +1957,7 @@ msgstr ""
 "що розпізнавання виконується на основі найсвіжіших даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1958,18 +1971,18 @@ msgstr ""
 "надання даних профілів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 "Показати попередження за вказану кількість днів перед завершенням дії пароля."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1980,7 +1993,7 @@ msgstr ""
 "попередження."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1990,7 +2003,7 @@ msgstr ""
 "буде автоматично показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1998,13 +2011,18 @@ msgstr ""
 "Цей параметр може бути перевизначено встановленням параметра "
 "<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Типове значення: 0"
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -2020,13 +2038,13 @@ msgstr ""
 "під час запуску системи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 "Типове значення: типово усі користувачі вважаються надійними (довіреними)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
@@ -2035,12 +2053,12 @@ msgstr ""
 "відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
@@ -2049,12 +2067,12 @@ msgstr ""
 "отримувати навіть ненадійні користувачі."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr "Визначено два спеціальних значення параметра pam_public_domains:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -2062,7 +2080,7 @@ msgstr ""
 "PAM.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -2071,18 +2089,18 @@ msgstr ""
 "відповідачі.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr "Типове значення: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
@@ -2091,7 +2109,7 @@ msgstr ""
 "замінити типове повідомлення «Доступ заборонено» («Permission denied»)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
@@ -2101,7 +2119,7 @@ msgstr ""
 "(показувати усі повідомлення і діагностичні дані)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -2111,12 +2129,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr "pam_account_locked_message (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
@@ -2125,7 +2143,7 @@ msgstr ""
 "типове повідомлення «Доступ заборонено» («Permission denied»)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -2135,12 +2153,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr "pam_cert_auth (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2151,19 +2169,19 @@ msgstr ""
 "розпізнавання, типово таку сертифікацію вимкнено."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Типове значення: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr "pam_cert_db_path (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
@@ -2172,29 +2190,55 @@ msgstr ""
 "смарткартки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "Типове значення: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+#, fuzzy
+#| msgid "Default: /etc/pki/nssdb (NSS version)"
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
 msgstr "Типове значення: /etc/pki/nssdb (версія NSS)"
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr "p11_child_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 "Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи "
 "p11_child."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr "pam_app_services (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
@@ -2203,12 +2247,12 @@ msgstr ""
 "типу <quote>application</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr "Параметри налаштування SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2226,12 +2270,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2240,14 +2284,12 @@ msgstr ""
 "призначені для визначення часових обмежень для записів sudoers."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
-#, fuzzy
-#| msgid "ldap_deref_threshold (integer)"
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
-msgstr "ldap_deref_threshold (ціле число)"
+msgstr "sudo_threshold (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -2255,24 +2297,30 @@ msgid ""
 "<quote>full refresh</quote> of sudo rules is triggered instead. This "
 "threshold number also applies to IPA sudo command and command group searches."
 msgstr ""
+"Максимальна кількість застарілих правил, які можна оновлювати за один крок. "
+"Якщо кількість застарілих правил є нижчою за це порогове значення, правила "
+"буде оновлено за допомогою механізму <quote>rules refresh</quote>. Якщо "
+"порогове значення перевищено, замість нього буде використано <quote>full "
+"refresh</quote> з правил sudo. Це порогове значення також стосується команди "
+"sudo IPA та групових пошуків команд."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr "Параметри налаштування AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2283,22 +2331,22 @@ msgstr ""
 "базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr "Параметри налаштувань SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr "Цими параметрами можна скористатися для налаштування служби SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2306,12 +2354,12 @@ msgstr ""
 "Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2320,17 +2368,43 @@ msgstr ""
 "файлі known_hosts після надсилання запиту щодо ключів вузла."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr "Типове значення: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
+#: sssd.conf.5.xml:1508
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "ssh_use_certificate_keys (bool)"
+msgstr "ldap_user_certificate (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1511
+#, fuzzy
+#| msgid ""
+#| "The skeleton directory, which contains files and directories to be copied "
+#| "in the user's home directory, when the home directory is created by "
+#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>"
+msgid ""
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+"Каркасний каталог, який містить файли і каталоги, які буде скопійовано до "
+"домашнього каталогу користувача, коли такий домашній каталог створюється "
+"командою <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
 msgid "ca_db (string)"
 msgstr "ca_db (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1529
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
@@ -2338,18 +2412,13 @@ msgstr ""
 "Шлях до сховища довірених сертифікатів CA. Параметр використовується для "
 "перевірки сертифікатів користувачів до отримання з них відкритих ключів ssh."
 
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
-msgstr "Типове значення: /etc/pki/nssdb"
-
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr "Параметри налаштування відповідача PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2367,7 +2436,7 @@ msgstr ""
 "декодовано і визначено, виконуються деякі з таких дій:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2385,7 +2454,7 @@ msgstr ""
 "параметра default_shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2394,18 +2463,18 @@ msgstr ""
 "додано до цих груп."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Цими параметрами можна скористатися для налаштовування відповідача PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2416,14 +2485,14 @@ msgstr ""
 "іменами користувачів визначатимуться під час запуску."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Типове значення: 0 (доступ до відповідача PAC має лише адміністративний "
 "користувач (root))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2437,12 +2506,12 @@ msgstr ""
 "запис 0."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr "pac_lifetime (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
@@ -2451,22 +2520,12 @@ msgstr ""
 "використовувати для визначення членства користувача у групі."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "PAC responder configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "Параметри налаштування відповідача PAC"
+msgstr "Параметри налаштовування запису сеансів"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -2474,153 +2533,138 @@ msgid ""
 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 msgstr ""
-"На цій сторінці довідника описано налаштування засобу керування доступом AD "
-"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, "
-"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
+"Запис сеансів працює у зв'язці з <citerefentry> <refentrytitle>tlog-rec-"
+"session</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, частиною "
+"пакунка tlog, для запису даних, які бачать і вводять користувачі після входу "
+"до текстового термінала. Див. також <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
+msgstr "Цими параметрами можна скористатися для налаштовування запису сеансів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
-msgstr "user (рядок)"
+msgstr "scope (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
-#, fuzzy
-#| msgid "none"
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
-msgstr "none"
+msgstr "\"none\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
-#, fuzzy
-#| msgid "Show user overrides."
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
-msgstr "Показати перевизначення користувача."
+msgstr "Користувачі не записуються."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
-msgstr ""
+msgstr "\"some\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
-#, fuzzy
-#| msgid ""
-#| "Append this user to groups specified by the <replaceable>GROUPS</"
-#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
-#| "is a comma separated list of group names."
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
-"Додати запис користувача до груп, вказаних за допомогою параметра "
-"<replaceable>ГРУПИ</replaceable>. Параметр <replaceable>ГРУПИ</replaceable> "
-"є списком груп, відокремлених комами."
+"Запис вестиметься для користувачів і груп, вказаних параметрами "
+"<replaceable>користувачі</replaceable> і <replaceable>групи</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
-msgstr ""
+msgstr "\"all\""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
-msgstr ""
+msgstr "Усі користувачі записуються."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Передбачено використання таких замінників: <placeholder type=\"variablelist"
-"\" id=\"0\"/>"
+"Один із вказаних нижче рядків, що визначають область запису сеансів: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: none"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
 msgstr "Типове значення: none"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
-msgstr "user (рядок)"
+msgstr "users (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
 "replacement, case changes, etc."
 msgstr ""
+"Список відокремлених комами записів користувачів, для яких увімкнено "
+"записування сеансів. Належність до списку визначатиметься за іменами, "
+"повернутими NSS, тобто після можливих замін пробілів, змін регістру символів "
+"тощо."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
-#, fuzzy
-#| msgid "Default: empty, i.e. ldap_uri is used."
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
-msgstr "Типове значення: порожнє, тобто використовується ldap_uri."
+msgstr "Типове значення: порожнє. Не відповідає жодному користувачу."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
-#, fuzzy
-#| msgid "user (string)"
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
-msgstr "user (рядок)"
+msgstr "groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
 "possible space replacement, case changes, etc."
 msgstr ""
+"Список відокремлених комами записів груп, для користувачів яких буде "
+"увімкнено записування сеансів. Належність до списку визначатиметься за "
+"назвами, повернутими NSS, тобто після можливих замін пробілів, змін регістру "
+"символів тощо."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
 "retrieving and matching the groups the user is member of."
 msgstr ""
+"Зауваження: використання цього параметра (встановлення для нього будь-якого "
+"значення) значно впливає на швидкодію, оскільки некешований запит щодо "
+"користувача потребує отримання і встановлення відповідності груп, до яких "
+"належить користувач."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
-msgstr ""
+msgstr "Типове значення: порожнє. Не відповідає жодній групі."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr "РОЗДІЛИ ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr "domain_type (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2633,7 +2677,7 @@ msgstr ""
 "з доменів POSIX."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
@@ -2642,7 +2686,7 @@ msgstr ""
 "<quote>application</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2654,7 +2698,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) і відповідача PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
@@ -2663,7 +2707,7 @@ msgstr ""
 "application з <quote>id_provider=ldap</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
@@ -2672,17 +2716,17 @@ msgstr ""
 "ласка, ознайомтеся із розділом <quote>Домени програм</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr "Типове значення: posix"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2691,7 +2735,7 @@ msgstr ""
 "відповідає цим обмеженням, його буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2704,7 +2748,7 @@ msgstr ""
 "основної групи і належать діапазону, буде виведено у звичайному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -2713,57 +2757,54 @@ msgstr ""
 "лише повернення записів за назвою або ідентифікатором."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr "enumerate (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
 "enable enumeration in order for secondary groups to be displayed. This "
 "parameter can have one of the following values:"
 msgstr ""
+"Визначає, чи можна нумерувати домен, тобто, чи може домен створити список "
+"усіх користувачів і груп, які у ньому містяться. Зауважте, що вмикання "
+"нумерування не є обов'язковим для показу вторинних груп. Цей параметр може "
+"мати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = користувачі і групи нумеруються"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = не використовувати нумерацію для цього домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr "Типове значення: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
+"Нумерування домену потребує від SSSD отримання і зберігання усіх записів "
+"користувачів і груп із віддаленого сервера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
-#, fuzzy
-#| msgid ""
-#| "Note: Enabling enumeration has a moderate performance impact on SSSD "
-#| "while enumeration is running. It may take up to several minutes after "
-#| "SSSD startup to fully complete enumerations.  During this time, "
-#| "individual requests for information will go directly to LDAP, though it "
-#| "may be slow, due to the heavy enumeration processing. Saving a large "
-#| "number of entries to cache after the enumeration completes might also be "
-#| "CPU intensive as the memberships have to be recomputed."
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2781,10 +2822,12 @@ msgstr ""
 "надіслано безпосередньо до LDAP, хоча і з уповільненням через навантаження "
 "системи виконанням нумерації. Збереження великої кількості записів до кешу "
 "після завершення нумерації може також значно навантажити процесор, оскільки "
-"повторне визначення параметрів участі також іноді є складним завданням."
+"повторне визначення параметрів участі також іноді є складним завданням. Це "
+"може призвести до проблем із отриманням відповіді від процесу "
+"<quote>sssd_be</quote> або навіть перезапуску усього засобу стеження."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2794,7 +2837,7 @@ msgstr ""
 "завершено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2808,7 +2851,7 @@ msgstr ""
 "відповідного використаного засобу обробки ідентифікаторів (id_provider)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2817,32 +2860,32 @@ msgstr ""
 "об’ємних середовищах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Усі виявлені надійні домени буде пронумеровано"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Нумерація виявлених надійних доменів не виконуватиметься"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2855,12 +2898,12 @@ msgstr ""
 "доменів, для яких буде увімкнено нумерацію."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2869,7 +2912,7 @@ msgstr ""
 "надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2886,17 +2929,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr "Типове значення: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2905,19 +2948,19 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr "Типове значення: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2926,12 +2969,12 @@ msgstr ""
 "ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2940,12 +2983,12 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2954,12 +2997,12 @@ msgstr ""
 "ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2968,12 +3011,12 @@ msgstr ""
 "надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2982,12 +3025,12 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -2997,12 +3040,12 @@ msgstr ""
 "вузла у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -3012,7 +3055,7 @@ msgstr ""
 "вичерпано або майже вичерпано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
@@ -3020,42 +3063,42 @@ msgstr ""
 "груп та мережевих груп у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Варто визначити для цього параметра значення 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr "Типове значення: 0 (вимкнено)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Визначає, чи слід також кешувати реєстраційні дані користувача у локальному "
 "кеші LDB"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у "
 "форматі звичайного тексту"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr "cache_credentials_minimal_first_factor_length (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -3067,7 +3110,7 @@ msgstr ""
 "контрольної суми SHA512 у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
@@ -3077,17 +3120,17 @@ msgstr ""
 "мішенню атак із перебиранням паролів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr "Типове значення: 8"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -3100,17 +3143,17 @@ msgstr ""
 "offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr "Типове значення: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -3123,17 +3166,17 @@ msgstr ""
 "даних розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr "id_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -3141,17 +3184,38 @@ msgstr ""
 "Серед підтримуваних засобів такі:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+#, fuzzy
+#| msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr "«proxy»: підтримка застарілого модуля надання даних NSS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+#, fuzzy
+#| msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+"<quote>ldap</quote>: засіб LDAP. Докладніше про налаштовування LDAP можна "
+"дізнатися з довідки до <citerefentry> <refentrytitle>sssd-ldap</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -3162,8 +3226,8 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -3176,8 +3240,8 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3189,12 +3253,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -3204,7 +3268,7 @@ msgstr ""
 "NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -3217,7 +3281,7 @@ msgstr ""
 "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -3228,22 +3292,22 @@ msgstr ""
 "груп, якщо задано неповну назву, буде виконано пошук у всіх доменах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr "Типове значення: FALSE (TRUE, якщо використано default_domain_suffix)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr "Не повертати записи учасників груп для пошуків груп."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3262,7 +3326,7 @@ msgstr ""
 "$groupname</quote> поверне запитану групу так, наче вона була порожня."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3273,12 +3337,12 @@ msgstr ""
 "учасників."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr "auth_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -3287,7 +3351,7 @@ msgstr ""
 "служб розпізнавання:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3299,7 +3363,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3311,18 +3375,23 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -3331,12 +3400,12 @@ msgstr ""
 "спосіб встановлено і можлива обробка запитів щодо розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr "access_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3347,7 +3416,7 @@ msgstr ""
 "Вбудованими програмами є:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -3356,12 +3425,12 @@ msgstr ""
 "доступу для локального домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> — завжди забороняти доступ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3374,7 +3443,7 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -3386,24 +3455,24 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 "<quote>proxy</quote> — для трансляції керування доступом до іншого модуля "
 "PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr "Типове значення: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -3412,7 +3481,7 @@ msgstr ""
 "підтримку таких систем зміни паролів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3424,7 +3493,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3436,18 +3505,18 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3456,19 +3525,19 @@ msgstr ""
 "цього параметра і якщо система здатна обробляти запити щодо паролів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
 "SUDO:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3480,7 +3549,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -3489,7 +3558,7 @@ msgstr ""
 "параметрами IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -3498,20 +3567,20 @@ msgstr ""
 "параметрами AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> явним чином вимикає SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Типове значення: використовується значення <quote>id_provider</quote>, якщо "
 "його встановлено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3530,21 +3599,26 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
 "<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
 "activity in SSSD if you do not want to use sudo with SSSD at all."
 msgstr ""
+"<emphasis>Зауваження:</emphasis> правила sudo періодично отримуються у "
+"фоновому режимі, якщо постачальник даних sudo не вимкнено явним чином. "
+"Встановіть значення <emphasis>sudo_provider = None</emphasis>, щоб вимкнути "
+"усі дії, пов'язані із sudo у SSSD, якщо ви взагалі не хочете використовувати "
+"sudo у SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3555,7 +3629,7 @@ msgstr ""
 "доступу. Передбачено підтримку таких засобів надання даних SELinux:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3567,14 +3641,14 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
 "SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3583,12 +3657,12 @@ msgstr ""
 "спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3598,7 +3672,7 @@ msgstr ""
 "підтримку таких засобів надання даних піддоменів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3610,7 +3684,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3623,63 +3697,68 @@ msgstr ""
 "налаштовування засобу надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
-#, fuzzy
-#| msgid "selinux_provider (string)"
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
-msgstr "selinux_provider (рядок)"
+msgstr "session_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
 "Commander, which works only with IPA.  Supported session providers are:"
 msgstr ""
+"Постачальник даних, який налаштовує завдання, пов'язані із сеансами "
+"користувачів, і керує ними. Єдиним завданням сеансів користувача у поточній "
+"версії є інтеграція із Fleet Commander, який працює лише з IPA. Підтримувані "
+"постачальники даних сеансів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
+"<quote>ipa</quote>, щоб дозволити пов'язані із сеансами користувачів "
+"завдання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
+"<quote>none</quote> — не виконувати жодних пов'язаних із сеансами "
+"користувачів завдань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
-#, fuzzy
-#| msgid ""
-#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
-#| "selinux loading requests."
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
-"Типове значення: буде використано <quote>id_provider</quote>, якщо цей "
-"спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
+"Типове значення: використовується значення <quote>id_provider</quote>, якщо "
+"його встановлено і дозволено виконувати пов'язані із сеансами завдання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
+"<emphasis>Зауваження:</emphasis> щоб ця можливість працювала як слід, SSSD "
+"має бути запущено від імені користувача root, а не якогось іншого "
+"непривілейованого користувача."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3687,7 +3766,7 @@ msgstr ""
 "autofs:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3699,7 +3778,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3711,7 +3790,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3723,17 +3802,17 @@ msgstr ""
 "надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> вимикає autofs повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3742,7 +3821,7 @@ msgstr ""
 "вузла. Серед підтримуваних засобів надання hostid:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3754,12 +3833,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> вимикає hostid повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3773,7 +3852,7 @@ msgstr ""
 "IPA та доменів Active Directory, простій назві (NetBIOS) домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3786,22 +3865,22 @@ msgstr ""
 "різні стилі запису імен користувачів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr "користувач"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr "користувач@назва.домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr "домен\\користувач"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3810,7 +3889,7 @@ msgstr ""
 "того, щоб полегшити інтеграцію користувачів з доменів Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3821,7 +3900,7 @@ msgstr ""
 "домену — все після цього символу."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3833,7 +3912,7 @@ msgstr ""
 "платформах з версією libpcre 7."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3843,17 +3922,17 @@ msgstr ""
 "підшаблонів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3862,83 +3941,81 @@ msgstr ""
 "під час виконання пошуків у DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr "Передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
 "спробувати формат IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
 "спробувати формат IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr "Типове значення: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
-#, fuzzy
-#| msgid ""
-#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
-#| "resolver before assuming that it is unreachable. If this timeout is "
-#| "reached, the domain will continue to operate in offline mode."
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
 "If this timeout is reached, the domain will continue to operate in offline "
 "mode."
 msgstr ""
-"Визначає кількість часу (у секундах) очікування відповіді від засобу "
-"визначення адрес DNS, перш ніж засіб буде визначено недоступним. Якщо час "
-"очікування буде перевищено, домен продовжуватиме роботу у автономному режимі."
+"Визначає кількість часу (у секундах) очікування відповіді від внутрішньої "
+"служби перемикання на резервний ресурс, перш ніж службу буде визначено "
+"недоступним. Якщо час очікування буде перевищено, домен продовжуватиме "
+"роботу у автономному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
+"Будь ласка, ознайомтеся із розділом <quote>РЕЗЕРВ</quote>, щоб дізнатися "
+"більше про розв'язування питань, пов'язаних із службами."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Типове значення: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3947,54 +4024,54 @@ msgstr ""
 "частину запиту визначення служб DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr "override_gid (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr "Замірити значення основного GID на вказане."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 "Враховується регістр. Це значення є некоректним для засобу надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr "Без врахування регістру."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -4006,7 +4083,7 @@ msgstr ""
 "буде переведено у нижній регістр."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -4017,17 +4094,17 @@ msgstr ""
 "значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr "Типове значення: True (False для засобу надання даних AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -4039,27 +4116,27 @@ msgstr ""
 "параметрів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
@@ -4068,7 +4145,7 @@ msgstr ""
 "ldap_krb5_keytab не встановлено явним чином)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -4078,33 +4155,33 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 "Зауваження: цей параметр працює лише для засобів надання даних IPA і AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "спрощена (NetBIOS) назва піддомену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -4119,7 +4196,7 @@ msgstr ""
 "emphasis>.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -4127,17 +4204,17 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Типове значення: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -4145,12 +4222,12 @@ msgstr ""
 "домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr "cached_auth_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -4161,12 +4238,12 @@ msgstr ""
 "реєстраційних даних, доки SSSD перебуває у режимі «у мережі»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr "Спеціальне значення 0 означає, що цю можливість вимкнено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -4177,45 +4254,55 @@ msgstr ""
 "обробки <quote>initgroups</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
-#, fuzzy
-#| msgid "ldap_user_primary_group (string)"
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
-msgstr "ldap_user_primary_group (рядок)"
+msgstr "auto_private_groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
+"Якщо увімкнено цей параметр, SSSD автоматично створюватиме приватні групи "
+"користувачів на основі номера UID користувача. Номер GID у цьому випадку "
+"ігноруватиметься."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
+"Для піддоменів POSIX встановлення для цього параметра значення головного "
+"домену успадковується у піддомені."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
 "subdomain."
 msgstr ""
+"Для піддоменів із прив'язкою за ідентифікатором auto_private_groups вже "
+"увімкнено для піддоменів, встановлення для нього значення false ніяк не "
+"впливатиме на піддомен."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
 "UID or GID number with this option. In other words, enabling this option "
 "enforces uniqueness across the ID space."
 msgstr ""
+"Зауваження: оскільки номер GID і приватна група користувача успадковуються з "
+"номера UID, підтримки декількох записів із однаковим номером UID або GID у "
+"цьому параметрі не передбачено. Іншими словами, вмикання цього параметра "
+"примусово встановлює унікальність записів у просторі ідентифікаторів."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -4226,17 +4313,17 @@ msgstr ""
 "quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -4245,12 +4332,12 @@ msgstr ""
 "налаштуваннями pam або створити нові і тут додати назву служби."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -4261,12 +4348,12 @@ msgstr ""
 "наприклад _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -4281,12 +4368,12 @@ msgstr ""
 "у кеші, щоб пришвидшити надання результатів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr "proxy_max_children (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -4298,7 +4385,7 @@ msgstr ""
 "використання черги запитів."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -4307,12 +4394,12 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr "Домени програм (application)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -4340,7 +4427,7 @@ msgstr ""
 "який може успадковувати параметр з традиційного домену SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -4351,17 +4438,17 @@ msgstr ""
 "його доменом-близнюком у POSIX має бути встановлено належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr "Параметри доменів програм"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr "inherit_from (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -4373,15 +4460,7 @@ msgstr ""
 "розширюють або перевизначають параметри домену-<quote>близнюка</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
-#, fuzzy
-#| msgid ""
-#| "The following example illustrates the use of an application domain. In "
-#| "this setup, the POSIX domain is connected to an LDAP server and is used "
-#| "by the OS through the NSS responder. In addition, the application domains "
-#| "also requests the telephoneNumber attribute, stores it as the phone "
-#| "attribute in the cache and makes the phone attribute reachable through "
-#| "the D-Bus interface."
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -4396,7 +4475,7 @@ msgstr ""
 "у кеші і робить атрибут phone доступним через інтерфейс D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4430,12 +4509,12 @@ msgstr ""
 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr "Розділ локального домену"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -4446,29 +4525,29 @@ msgstr ""
 "використовує <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr "default_shell (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "Типова оболонка для записів користувачів, створених за допомогою "
 "інструментів простору користувачів SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Типове значення: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr "base_directory (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -4477,17 +4556,17 @@ msgstr ""
 "replaceable> і використовують отриману адресу як адресу домашнього каталогу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr "Типове значення: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr "create_homedir (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -4496,17 +4575,17 @@ msgstr ""
 "Може бути перевизначено з командного рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr "Типове значення: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (булівське значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -4515,12 +4594,12 @@ msgstr ""
 "користувачів. Може бути перевизначено з командного рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -4531,17 +4610,17 @@ msgstr ""
 "до щойно створеного домашнього каталогу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr "Типове значення: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr "skel_dir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -4554,17 +4633,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Типове значення: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr "mail_dir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -4575,17 +4654,17 @@ msgstr ""
 "каталог не вказано, буде використано типове значення."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Типове значення: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -4596,24 +4675,17 @@ msgstr ""
 "вилучається. Код виконання, повернутий програмою не обробляється."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr "Типове значення: None, не виконувати жодних команд"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
-#, fuzzy
-#| msgid ""
-#| "Some options used in the domain section can also be used in the trusted "
-#| "domain section, that is, in a section called <quote>[domain/"
-#| "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-#| "replaceable>]</quote>.  Currently supported options in the trusted domain "
-#| "section are:"
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -4625,57 +4697,58 @@ msgstr ""
 "Деякі параметри, які використовуються у розділі домену, можна також "
 "використовувати у розділі довіреного домену, тобто у розділі, який "
 "називається <quote>[domain/<replaceable>НАЗВА_ДОМЕНУ</replaceable>/"
-"<replaceable>НАЗВА_ДОВІРЕНОГО_ДОМЕНУ</replaceable>]</quote>. У поточній "
-"версії підтримуваними параметрами у розділі довіреного домену є такі "
-"параметри:"
+"<replaceable>НАЗВА_ДОВІРЕНОГО_ДОМЕНУ</replaceable>]</quote>. Де НАЗВА_ДОМЕНУ "
+"є справжнім базовим доменом для долучення. Приклади наведено нижче. У "
+"поточній версії підтримуваними параметрами у розділі довіреного домену є "
+"такі параметри:"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr "ldap_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr "ldap_user_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr "ldap_group_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr "ldap_netgroup_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr "ldap_service_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr "ad_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr "ad_backup_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr "ad_site,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr "use_fully_qualified_names"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
@@ -4684,12 +4757,12 @@ msgstr ""
 "підручника."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr "ПРИКЛАДИ"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4743,33 +4816,30 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
-#, fuzzy
-#| msgid ""
-#| "The following example shows a typical SSSD config. It does not describe "
-#| "configuration of the domains themselves - refer to documentation on "
-#| "configuring domains for more details.  <placeholder type=\"programlisting"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
-"Нижче наведено приклад типових налаштувань SSSD. Налаштування самого домену "
-"не наведено, — щоб дізнатися більше про неї, ознайомтеся з документацією "
-"щодо налаштовування доменів.  <placeholder type=\"programlisting\" id=\"0\"/>"
+"1. Нижче наведено приклад типових налаштувань SSSD. Налаштування самого "
+"домену не наведено, — щоб дізнатися більше про неї, ознайомтеся з "
+"документацією щодо налаштовування доменів.  <placeholder type="
+"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
 "use_fully_qualified_names = false\n"
 msgstr ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -4778,6 +4848,12 @@ msgid ""
 "configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
 ">"
 msgstr ""
+"2. У наведеному нижче прикладі показано налаштування довіри AD у IPA, де ліс "
+"AD складається з двох доменів у структурі батьківський-дочірній. Нехай домен "
+"IPA (ipa.com) має стосунки довіри з доменом AD (ad.com). ad.com має дочірній "
+"домен (child.ad.com). Щоб увімкнути скорочені назви у дочірньому домені, "
+"слід скористатися наведеними нижче налаштуваннями. <placeholder type="
+"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
@@ -4832,7 +4908,7 @@ msgstr ""
 "більше про використання LDAP, як засобу керування доступом."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -4953,7 +5029,7 @@ msgstr ""
 "специфікації http://www.ietf.org/rfc/rfc2254.txt"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr "Приклади:"
@@ -5880,62 +5956,44 @@ msgstr "Типове значення: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-#, fuzzy
-#| msgid "ldap_user_authorized_host (string)"
 msgid "ldap_user_authorized_rhost (string)"
-msgstr "ldap_user_authorized_host (рядок)"
+msgstr "ldap_user_authorized_rhost (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-#, fuzzy
-#| msgid ""
-#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-#| "presence of the host attribute in the user's LDAP entry to determine "
-#| "access privilege."
 msgid ""
 "If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
 "presence of the rhost attribute in the user's LDAP entry to determine access "
 "privilege. Similarly to host verification process."
 msgstr ""
-"Якщо access_provider=ldap і ldap_access_order=host, SSSD використовуватиме "
-"наявність атрибута host у записі користувача LDAP для визначення прав "
-"доступу."
+"Якщо access_provider=ldap і ldap_access_order=rhost, SSSD використовуватиме "
+"наявність атрибута rhost у записі користувача LDAP для визначення прав "
+"доступу. Те саме стосується і процесу перевірки вузла."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:843
-#, fuzzy
-#| msgid ""
-#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
-#| "explicit allow (host) and finally for allow_all (*)."
 msgid ""
 "An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
 "explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
-"Спочатку визначаються явні заборони (!host). Далі SSSD шукає явні дозволи "
-"(host) і нарешті загальні дозволи або allow_all (*)."
+"Спочатку визначаються явні заборони (!rhost). Далі SSSD шукає явні дозволи "
+"(rhost) і нарешті загальні дозволи або allow_all (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:848
-#, fuzzy
-#| msgid ""
-#| "Please note that the ldap_access_order configuration option "
-#| "<emphasis>must</emphasis> include <quote>host</quote> in order for the "
-#| "ldap_user_authorized_host option to work."
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>rhost</quote> in order for the "
 "ldap_user_authorized_rhost option to work."
 msgstr ""
 "Будь ласка, зауважте, що параметр налаштування ldap_access_order "
-"<emphasis>має</emphasis> включати <quote>host</quote>, щоб можна було "
-"скористатися параметром ldap_user_authorized_host."
+"<emphasis>має</emphasis> включати <quote>rhost</quote>, щоб можна було "
+"скористатися параметром ldap_user_authorized_rhost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: host"
 msgid "Default: rhost"
-msgstr "Типове значення: host"
+msgstr "Типове значення: rhost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5949,10 +6007,8 @@ msgstr "Назва атрибута LDAP, що містить сертифіка
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:868
-#, fuzzy
-#| msgid "ldap_user_certificate = userCertificate;binary"
 msgid "Default: userCertificate;binary"
-msgstr "ldap_user_certificate = userCertificate;binary"
+msgstr "Типове значення: userCertificate;binary"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:874
@@ -5974,6 +6030,12 @@ msgid ""
 "email address then set this option to a nonexistent attribute name in order "
 "to disable user lookup/login by email."
 msgstr ""
+"Зауваження: якщо адреса електронної пошти користувача конфліктує із адресою "
+"електронної пошти або повним ім'ям іншого користувача, SSSD не зможе "
+"обслуговувати належним чином записи таких користувачів. Якщо з якоїсь "
+"причини у декількох користувачів має бути одна адреса електронної пошти, "
+"встановіть для цього параметра довільну назву атрибута, щоб вимкнути пошук і "
+"вхід до системи за адресою електронної пошти."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:890
@@ -6340,17 +6402,13 @@ msgstr "ldap_netgroup_modify_timestamp (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1216
-#, fuzzy
-#| msgid "ldap_user_object_class (string)"
 msgid "ldap_host_object_class (string)"
-msgstr "ldap_user_object_class (рядок)"
+msgstr "ldap_host_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1219
-#, fuzzy
-#| msgid "The object class of a user entry in LDAP."
 msgid "The object class of a host entry in LDAP."
-msgstr "Клас об’єктів запису користувача у LDAP."
+msgstr "Клас об’єктів запису вузла у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
@@ -6359,75 +6417,55 @@ msgstr "Типове значення: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1228
-#, fuzzy
-#| msgid "ad_hostname (string)"
 msgid "ldap_host_name (string)"
-msgstr "ad_hostname (рядок)"
+msgstr "ldap_host_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the group name."
 msgid "The LDAP attribute that corresponds to the host's name."
-msgstr "Атрибут LDAP, що відповідає назві групи."
+msgstr "Атрибут LDAP, що відповідає назві вузла."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1241
-#, fuzzy
-#| msgid "ldap_pwdlockout_dn (string)"
 msgid "ldap_host_fqdn (string)"
-msgstr "ldap_pwdlockout_dn (рядок)"
+msgstr "ldap_host_fqdn (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1244
-#, fuzzy
-#| msgid "The LDAP attribute that corresponds to the user's full name."
 msgid ""
 "The LDAP attribute that corresponds to the host's fully-qualified domain "
 "name."
-msgstr "Атрибут LDAP, що відповідає повному імені користувача."
+msgstr "Атрибут LDAP, що відповідає повній назві вузла."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: deny"
 msgid "Default: fqdn"
-msgstr "Типове значення: deny"
+msgstr "Типове значення: fqdn"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
 msgid "ldap_host_serverhostname (string)"
-msgstr "ldap_dns_service_name (рядок)"
+msgstr "ldap_host_serverhostname (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1261
-#, fuzzy
-#| msgid "Default: sudoHost"
 msgid "Default: serverHostname"
-msgstr "Типове значення: sudoHost"
+msgstr "Типове значення: serverHostname"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1267
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_host_member_of (string)"
-msgstr "ldap_user_member_of (рядок)"
+msgstr "ldap_host_member_of (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1270
-#, fuzzy
-#| msgid "The LDAP attribute that lists the user's group memberships."
 msgid "The LDAP attribute that lists the host's group memberships."
-msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач."
+msgstr "Атрибут LDAP зі списком груп, у яких бере участь вузол."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1280
-#, fuzzy
-#| msgid "ipa_host_search_base (string)"
 msgid "ldap_host_search_base (string)"
-msgstr "ipa_host_search_base (рядок)"
+msgstr "ldap_host_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1283
@@ -6452,32 +6490,23 @@ msgstr "Типове значення: значення <emphasis>ldap_search_ba
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1299
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_host_ssh_public_key (string)"
-msgstr "ldap_user_ssh_public_key (рядок)"
+msgstr "ldap_host_ssh_public_key (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1302
-#, fuzzy
-#| msgid "The LDAP attribute that contains the user's SSH public keys."
 msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "Атрибут LDAP, який містить відкриті ключі SSH користувача."
+msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1312
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_host_uuid (string)"
-msgstr "ldap_user_uuid (рядок)"
+msgstr "ldap_host_uuid (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1315
-#, fuzzy
-#| msgid ""
-#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
-msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP."
+msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта вузла LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1325
@@ -7141,7 +7170,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr "Типове значення: 86400 (24 години)"
 
@@ -7696,15 +7725,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2237
-#, fuzzy
-#| msgid ""
-#| "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgid ""
 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 "remote host can access"
 msgstr ""
-"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
-"права доступу"
+"<emphasis>rhost</emphasis>: використовувати атрибут rhost для визначення "
+"того, чи матиме віддалений вузол доступ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2241
@@ -7712,6 +7738,9 @@ msgid ""
 "Please note, rhost field in pam is set by application, it is better to check "
 "what the application sends to pam, before enabling this access control option"
 msgstr ""
+"Будь ласка, зауважте, що значення поля rhost у pam встановлюється програмою. "
+"Варто перевірити, що програма надсилає pam, перш ніж вмикати цей варіант "
+"керування доступом."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2246
@@ -7859,10 +7888,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
-#, fuzzy
-#| msgid "wildcart_limit (integer)"
 msgid "wildcard_limit (integer)"
-msgstr "wildcart_limit (ціле число)"
+msgstr "wildcard_limit (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:2344
@@ -8428,12 +8455,6 @@ msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
 #: sssd-ldap.5.xml:2787
-#, fuzzy
-#| msgid ""
-#| "If the option <quote>ldap_use_tokengroups</quote> is enabled. The "
-#| "searches against Active Directory will not be restricted and return all "
-#| "groups memberships, even with no GID mapping. It is recommended to "
-#| "disable this feature, if group names are not being displayed correctly."
 msgid ""
 "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
@@ -8475,8 +8496,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr "ПРИКЛАД"
 
@@ -8513,8 +8534,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -8561,7 +8582,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ЗАУВАЖЕННЯ"
 
@@ -9103,7 +9124,7 @@ msgstr ""
 "обробляються."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -9234,13 +9255,14 @@ msgstr "ПРІОРИТЕТНІСТЬ"
 #: sss-certmap.5.xml:45
 #, fuzzy
 #| msgid ""
-#| "The rules are process by priority while the number '0' (zero)  indicates "
-#| "the highest priority. The higher the number the lower is the priority. A "
-#| "missing value indicates the lowest priority."
+#| "The rules are processed by priority while the number '0' (zero)  "
+#| "indicates the highest priority. The higher the number the lower is the "
+#| "priority. A missing value indicates the lowest priority."
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 "Правила оброблятимуться за пріоритетністю, номер «0» (нуль) відповідає "
 "найвищому рівню пріоритетності. Чим більшим є значення, тим нижчою є "
@@ -9248,7 +9270,7 @@ msgstr ""
 "найнижчою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
@@ -9258,12 +9280,12 @@ msgstr ""
 "призводитиме до виведення повідомлення про помилку."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr "ПРАВИЛО ВІДПОВІДНОСТІ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -9283,12 +9305,12 @@ msgstr ""
 "&amp;» (та) або «&#124;&#124;» (або)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr "&lt;SUBJECT&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -9300,7 +9322,7 @@ msgstr ""
 "можна знайти на сторінці підручника regex(7)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -9322,17 +9344,17 @@ msgstr ""
 "їх у відповідних формальних виразах."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr "Приклад: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr "&lt;ISSUER&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
@@ -9342,21 +9364,17 @@ msgstr ""
 "SUBJECT&gt;."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr "Приклад: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr "&lt;KU&gt;використання-ключа"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
-#, fuzzy
-#| msgid ""
-#| "This option can be used to specify which key usage values the certificate "
-#| "should have. The following value can be used in a comma separate list:"
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
@@ -9366,52 +9384,52 @@ msgstr ""
 "можна використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr "digitalSignature"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr "nonRepudiation"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr "keyEncipherment"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr "dataEncipherment"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr "keyAgreement"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr "keyCertSign"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr "cRLSign"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr "encipherOnly"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr "decipherOnly"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
@@ -9420,17 +9438,17 @@ msgstr ""
 "діапазоні 32-бітових цілих чисел без знаку."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr "Приклад: &lt;KU&gt;digitalSignature,keyEncipherment"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr "&lt;EKU&gt;розширене-використання-ключа"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
@@ -9440,52 +9458,52 @@ msgstr ""
 "відокремлених комами, можна використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr "serverAuth"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr "clientAuth"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr "codeSigning"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr "emailProtection"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr "timeStamping"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr "OCSPSigning"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr "KPClientAuth"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr "pkinit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr "msScLogin"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
@@ -9494,17 +9512,17 @@ msgstr ""
 "можна визначити за допомогою їхнього OID у точково-десятковому позначенні."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr "Приклад: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr "&lt;SAN&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -9515,65 +9533,65 @@ msgstr ""
 "так, як це робить &lt;SAN:Principal&gt;."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr "Приклад: &lt;SAN&gt;.*@MY\\.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr "&lt;SAN:Principal&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 "Встановити відповідність реєстраційних даних Kerberos у PKINIT або AD NT "
 "Principal SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr "Приклад: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr "&lt;SAN:ntPrincipalName&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 "Встановити відповідність реєстраційних даних Kerberos з AD NT Principal SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr "Приклад: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr "&lt;SAN:pkinit&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr "Встановити відповідність реєстраційних даних Kerberos з SAN PKINIT."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr "Приклад: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr "&lt;SAN:dotted-decimal-oid&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -9584,17 +9602,17 @@ msgstr ""
 "відповідність формальному виразу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr "Приклад: &lt;SAN:1.2.3.4&gt;test"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr "&lt;SAN:otherName&gt;base64-string"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -9607,62 +9625,62 @@ msgstr ""
 "особливими кодуваннями, які не можна обробляти як рядки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr "Приклад: &lt;SAN:otherName&gt;MTIz"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr "&lt;SAN:rfc822Name&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr "Встановити відповідність значення SAN rfc822Name."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr "Приклад: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr "&lt;SAN:dNSName&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr "Встановити відповідність значення SAN dNSName."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr "Приклад: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr "&lt;SAN:x400Address&gt;рядок-base64"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr "Встановити двійкову відповідність значення SAN x400Address."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr "Приклад: &lt;SAN:x400Address&gt;MTIz"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr "&lt;SAN:directoryName&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
@@ -9672,84 +9690,84 @@ msgstr ""
 "та &lt;SUBJECT&gt;."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr "Приклад: &lt;SAN:directoryName&gt;.*,DC=com"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr "&lt;SAN:ediPartyName&gt;рядок-base64"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr "Встановити двійкову відповідність значення SAN ediPartyName."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr "Приклад: &lt;SAN:ediPartyName&gt;MTIz"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr "&lt;SAN:uniformResourceIdentifier&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr "Встановити відповідність значення SAN uniformResourceIdentifier."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr "Приклад: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr "&lt;SAN:iPAddress&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr "Встановити відповідність значення SAN iPAddress."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr "Приклад: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr "&lt;SAN:registeredID&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 "Встановити значення SAN registeredID у форматі точково-десяткового рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr "Приклад: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "Доступні варіанти: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr "ПРАВИЛО ПРИВʼЯЗУВАННЯ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -9761,17 +9779,7 @@ msgstr ""
 "цих облікових записів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
-#, fuzzy
-#| msgid ""
-#| "Currently SSSD basically only supports LDAP to lookup user information "
-#| "(the exception is the proxy provider which is not of relevance here). "
-#| "Because of this the mapping rule is based on LDAP search filter syntax "
-#| "with templates to add certificate content to the filter. It is expected "
-#| "that the filter will only contain the specific data needed for the "
-#| "mapping an that the caller will embed it in another filter to do the "
-#| "actual search. Because of this the filter string should start and stop "
-#| "with '(' and ')' respectively."
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -9791,7 +9799,7 @@ msgstr ""
 "завершуватися «(» і «)», відповідно."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -9804,14 +9812,7 @@ msgstr ""
 "«ipaCertMapData» для IPA."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
-#, fuzzy
-#| msgid ""
-#| "This should be preferred to read user specific data from the certificate "
-#| "like e.g. an email address and search for it in the LDAP server. The "
-#| "reason is that the user specific data in LDAP might change for various "
-#| "reasons would would break the mapping. On the other hand it would be hard "
-#| "to break the mapping on purpose for a specific user."
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -9826,12 +9827,12 @@ msgstr ""
 "бажаним шляхом, розірвати прив'язку буде важко."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -9842,7 +9843,7 @@ msgstr ""
 "стоїть останнім), буде використано параметр із префіксом «_x500»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
@@ -9852,7 +9853,7 @@ msgstr ""
 "«S», замість «ST»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
@@ -9861,7 +9862,7 @@ msgstr ""
 "використовуватимуться назви атрибутів, які використовуються NSS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
@@ -9870,7 +9871,7 @@ msgstr ""
 "NSS і упорядковування за LDAP/RFC 4514."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
@@ -9879,12 +9880,12 @@ msgstr ""
 "ad})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -9895,7 +9896,7 @@ msgstr ""
 "стоїть останнім), буде використано параметр із префіксом «_x500»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
@@ -9904,12 +9905,12 @@ msgstr ""
 "{subject_dn!nss_x500})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr "{cert[!(bin|base64)]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -9925,22 +9926,17 @@ msgstr ""
 "«userCertificate;binary»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr "Приклад: (userCertificate;binary={cert!bin})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr "{subject_principal[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
-#, fuzzy
-#| msgid ""
-#| "This template will add the Kerberos principal which is taken either from "
-#| "the SAN used by pkinit or the one used by AD. The 'short_name' component "
-#| "represent the first part of the principal before the '@' sign."
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -9951,7 +9947,7 @@ msgstr ""
 "«short_name» відповідає першій частині реєстраційного запису до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
@@ -9960,17 +9956,12 @@ msgstr ""
 "(samAccountName={subject_principal.short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr "{subject_pkinit_principal[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
-#, fuzzy
-#| msgid ""
-#| "This template will add the Kerberos principal which is given by then SAN "
-#| "used by pkinit. The 'short_name' component represent the first part of "
-#| "the principal before the '@' sign."
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -9981,7 +9972,7 @@ msgstr ""
 "реєстраційного запису до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
@@ -9990,17 +9981,12 @@ msgstr ""
 "(uid={subject_pkinit_principal.short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr "{subject_nt_principal[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
-#, fuzzy
-#| msgid ""
-#| "This template will add the Kerberos principal which is given by then SAN "
-#| "used by AD. The 'short_name' component represent the first part of the "
-#| "principal before the '@' sign."
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -10011,17 +9997,12 @@ msgstr ""
 "реєстраційного запису до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr "{subject_rfc822_name[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
-#, fuzzy
-#| msgid ""
-#| "This template will add the string which is stored in the rfc822Name "
-#| "component of the SAN, typically an email address. The 'short_name' "
-#| "component represent the first part of the address before the '@' sign."
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -10032,7 +10013,7 @@ msgstr ""
 "частині адреси до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
@@ -10041,18 +10022,12 @@ msgstr ""
 "short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr "{subject_dns_name[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
-#, fuzzy
-#| msgid ""
-#| "This template will add the string which is stored in the dNSName "
-#| "component of the SAN, typically a fully-qualified host name.  The "
-#| "'short_name' component represent the first part of the name before the "
-#| "first '.' sign."
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -10063,19 +10038,19 @@ msgstr ""
 "назви до першого символу «.»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 "Приклад: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr "{subject_uri}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
@@ -10084,34 +10059,34 @@ msgstr ""
 "uniformResourceIdentifier SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr "Приклад: (uri={subject_uri})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr "{subject_ip_address}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr "Цей шаблон додає рядок, який зберігається у компоненті iPAddress SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr "Приклад: (ip={subject_ip_address})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr "{subject_x400_address}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
@@ -10120,19 +10095,19 @@ msgstr ""
 "послідовність екранованих шістнадцяткових чисел."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr "Приклад: (attr:binary={subject_x400_address})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
@@ -10141,17 +10116,17 @@ msgstr ""
 "directoryName SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr "Приклад: (orig_dn={subject_directory_name})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr "{subject_ediparty_name}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
@@ -10160,21 +10135,17 @@ msgstr ""
 "послідовність екранованих шістнадцяткових чисел."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr "Приклад: (attr:binary={subject_ediparty_name})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr "{subject_registered_id}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
-#, fuzzy
-#| msgid ""
-#| "This template will add the OID which is stored in the registeredID "
-#| "component of the SAN as as dotted-decimal string."
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
@@ -10183,19 +10154,12 @@ msgstr ""
 "форматі точково-десяткового рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr "Приклад: (oid={subject_registered_id})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
-#, fuzzy
-#| msgid ""
-#| "The templates to add certificate data to the search filter are based on "
-#| "Python-style formatting strings. They consists of a keyword in curly "
-#| "braces with an optional sub-component specifier separated by a '.' or an "
-#| "optional conversion/formatting option separated by a '!'.  Allowed values "
-#| "are: <placeholder type=\"variablelist\" id=\"0\"/>"
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -10210,12 +10174,12 @@ msgstr ""
 "Дозволені значення: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr "СПИСОК ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -10317,6 +10281,9 @@ msgid ""
 "configured in sssd.conf then the id_provider must also be set to <quote>ipa</"
 "quote>."
 msgstr ""
+"Якщо у sssd.conf вказано <quote>auth_provider=ipa</quote> або "
+"<quote>access_provider=ipa</quote>, для id_provider також має бути вказано "
+"<quote>ipa</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:73
@@ -10372,10 +10339,6 @@ msgstr "ipa_hostname (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:119
-#, fuzzy
-#| msgid ""
-#| "Optional. May be set on machines where the hostname(5) does not reflect "
-#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the IPA domain to identify this host.  The "
@@ -10383,10 +10346,10 @@ msgid ""
 msgstr ""
 "Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не "
 "відповідає повній назві, що використовується доменом IPA для розпізнавання "
-"цього вузла."
+"цього вузла. Назву вузла слід вказувати повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (булеве значення)"
 
@@ -10406,7 +10369,7 @@ msgstr ""
 "допомогою параметра «dyndns_iface»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -10427,12 +10390,12 @@ msgstr ""
 "назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -10459,12 +10422,12 @@ msgid "Default: 1200 (seconds)"
 msgstr "Типове значення: 1200 (секунд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -10497,17 +10460,17 @@ msgstr ""
 "для з’єднання LDAP IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr "dyndns_auth (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -10518,7 +10481,7 @@ msgstr ""
 "можна надсилати встановленням для цього параметра значення «none»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr "Типове значення: GSS-TSIG"
 
@@ -10528,7 +10491,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr "Вмикає сайти DNS — визначення служб на основі адрес."
 
@@ -10553,7 +10516,7 @@ msgstr ""
 "вважатимуться резервними серверами."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (ціле число)"
 
@@ -10570,12 +10533,12 @@ msgstr ""
 "є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -10599,12 +10562,12 @@ msgid "Default: False (disabled)"
 msgstr "Типове значення: False (вимкнено)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -10613,17 +10576,17 @@ msgstr ""
 "даними з сервером DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr "dyndns_server (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
@@ -10633,7 +10596,7 @@ msgstr ""
 "параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
@@ -10642,7 +10605,7 @@ msgstr ""
 "DNS відрізняється від сервера профілів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
@@ -10652,28 +10615,23 @@ msgstr ""
 "невдало."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:317
-#, fuzzy
-#| msgid "ipa_views_search_base (string)"
 msgid "ipa_deskprofile_search_base (string)"
-msgstr "ipa_views_search_base (рядок)"
+msgstr "ipa_deskprofile_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:320
-#, fuzzy
-#| msgid ""
-#| "Optional. Use the given string as search base for HBAC related objects."
 msgid ""
 "Optional. Use the given string as search base for Desktop Profile related "
 "objects."
 msgstr ""
 "Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з "
-"HBAC об’єктів."
+"профілями станції (Desktop Profile) об’єктів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:324 sssd-ipa.5.xml:337
@@ -10700,7 +10658,7 @@ msgstr "ipa_host_search_base (рядок)"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:346
 msgid "Deprecated. Use ldap_host_search_base instead."
-msgstr ""
+msgstr "Застарілий. Скористайтеся замість нього ldap_host_search_base."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:352
@@ -10785,12 +10743,12 @@ msgstr ""
 "перетворено у основний DN для виконання дій LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr "krb5_confd_path (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
@@ -10799,7 +10757,7 @@ msgstr ""
 "налаштувань Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
@@ -10808,7 +10766,7 @@ msgstr ""
 "значення «none»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -10817,60 +10775,44 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:461
-#, fuzzy
-#| msgid "ipa_hbac_refresh (integer)"
 msgid "ipa_deskprofile_refresh (integer)"
-msgstr "ipa_hbac_refresh (ціле число)"
+msgstr "ipa_deskprofile_refresh (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:464
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server. This will reduce the latency and load on the IPA server if there "
 "are many desktop profiles requests made in a short period."
 msgstr ""
-"Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна "
-"може зменшити час затримки та навантаження на сервер IPA, якщо протягом "
-"короткого періоду часу надходить багато запитів щодо керування доступом."
+"Проміжок часу між послідовними пошуками правил профілів станції (Desktop "
+"Profile) щодо сервера IPA. Зміна може зменшити час затримки та навантаження "
+"на сервер IPA, якщо протягом короткого періоду часу надходить багато запитів "
+"щодо профілів станції."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr "Типове значення: 5 (секунд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:477
-#, fuzzy
-#| msgid "ldap_sudo_full_refresh_interval (integer)"
 msgid "ipa_deskprofile_request_interval (integer)"
-msgstr "ldap_sudo_full_refresh_interval (ціле число)"
+msgstr "ipa_deskprofile_request_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:480
-#, fuzzy
-#| msgid ""
-#| "The amount of time between lookups of the HBAC rules against the IPA "
-#| "server. This will reduce the latency and load on the IPA server if there "
-#| "are many access-control requests made in a short period."
 msgid ""
 "The amount of time between lookups of the Desktop Profile rules against the "
 "IPA server in case the last request did not return any rule."
 msgstr ""
-"Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна "
-"може зменшити час затримки та навантаження на сервер IPA, якщо протягом "
-"короткого періоду часу надходить багато запитів щодо керування доступом."
+"Час між пошуками у правилах профілів станцій на сервері IPA, якщо за "
+"останнім запитом не повернуто жодного правила."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:485
-#, fuzzy
-#| msgid "Default: 900 (15 minutes)"
 msgid "Default: 60 (minutes)"
-msgstr "Типове значення: 900 (15 хвилин)"
+msgstr "Типове значення: 60 (хвилин)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:491
@@ -10934,6 +10876,8 @@ msgid ""
 "NOTE: There are currently some assumptions that must be met when SSSD is "
 "running on an IPA server."
 msgstr ""
+"Зауваження: у поточній версії має бути виконано декілька умов, якщо SSSD "
+"працює на сервері IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ipa.5.xml:541
@@ -10942,6 +10886,9 @@ msgid ""
 "server itself. This is already the default set by the IPA installer, so no "
 "manual change is required."
 msgstr ""
+"Параметр <quote>ipa_server</quote> має бути налаштовано так, щоб він "
+"вказував на сам сервер IPA. Це типово робить засіб встановлення IPA, тому "
+"зміни вручну є зайвими."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ipa.5.xml:550
@@ -10949,6 +10896,8 @@ msgid ""
 "The <quote>full_name_format</quote> option must not be tweaked to only print "
 "short names for users from trusted domains."
 msgstr ""
+"Не слід змінювати значення параметра <quote>full_name_format</quote> для "
+"того, щоб лише виводити короткі імена користувачів з довірених доменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ipa.5.xml:565
@@ -11239,13 +11188,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "The AD provider is a back end used to connect to an Active Directory "
-#| "server. This provider requires that the machine be joined to the AD "
-#| "domain and a keytab is available. Back end communication occurs over a "
-#| "GSSAPI-encrypted channel, SSL/TLS options should not be used with the AD "
-#| "provider and will be superceded by Kerberos usage."
 msgid ""
 "The AD provider is a back end used to connect to an Active Directory server. "
 "This provider requires that the machine be joined to the AD domain and a "
@@ -11336,6 +11278,9 @@ msgid ""
 "configured in sssd.conf then the id_provider must also be set to <quote>ad</"
 "quote>."
 msgstr ""
+"Якщо у sssdconf вказано <quote>auth_provider=ad</quote> або "
+"<quote>access_provider=ad</quote>, для id_provider також має бути вказано "
+"<quote>ad</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-ad.5.xml:91
@@ -11355,10 +11300,15 @@ msgstr ""
 #| "objectSID parameter in Active Directory. For details on this, see the "
 #| "<quote>ID MAPPING</quote> section below. If you want to disable ID "
 #| "mapping and instead rely on POSIX attributes defined in Active Directory, "
-#| "you should set <placeholder type=\"programlisting\" id=\"0\"/> In order "
-#| "to retrieve users and groups using POSIX attributes from trusted domains, "
-#| "the AD administrator must make sure that the POSIX attributes are "
-#| "replicated to the Global Catalog."
+#| "you should set <placeholder type=\"programlisting\" id=\"0\"/> If POSIX "
+#| "attributes should be used, it is recommended for performance reasons that "
+#| "the attributes are also replicated to the Global Catalog. If POSIX "
+#| "attributes are replicated, SSSD will attempt to locate the domain of a "
+#| "requested numerical ID with the help of the Global Catalog and only "
+#| "search that domain. In contrast, if POSIX attributes are not replicated "
+#| "to the Global Catalog, SSSD must search all the domains in the forest "
+#| "sequentially. Please note that the <quote>cache_first</quote> option "
+#| "might be also helpful in speeding up domainless searches."
 msgid ""
 "By default, the AD provider will map UID and GID values from the objectSID "
 "parameter in Active Directory. For details on this, see the <quote>ID "
@@ -11372,20 +11322,27 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 "Типово, модуль надання даних AD виконуватиме прив’язку до значень UID та GID "
 "з параметра objectSID у Active Directory. Докладніший опис наведено у "
 "розділі «ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ». Якщо вам потрібно "
 "вимкнути встановлення відповідності ідентифікаторів і покладатися на "
 "атрибути POSIX, визначені у Active Directory, вам слід встановити "
-"<placeholder type=\"programlisting\" id=\"0\"/> Щоб отримати дані щодо "
-"користувачів і груп за допомогою атрибутів POSIX з надійних доменів, "
-"адміністратор AD має переконатися, що атрибути POSIX відтворюються у "
-"загальному каталозі (Global Catalog)."
+"<placeholder type=\"programlisting\" id=\"0\"/> Якщо має бути використано "
+"атрибути POSIX, рекомендуємо з міркувань швидкодії виконувати також "
+"реплікацію атрибутів до загального каталогу. Якщо виконується реплікація "
+"атрибутів POSIX, SSSD намагатиметься знайти домен числового ідентифікатора "
+"із запиту за допомогою загального каталогу і шукатиме лише цей домен. І "
+"навпаки, якщо реплікація атрибутів POSIX до загального каталогу не "
+"відбувається, SSSD доводиться шукати на усіх доменах у лісі послідовно. Будь "
+"ласка, зауважте, що для пришвидшення пошуку без доменів також може бути "
+"корисним використання параметра <quote>cache_first</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -11396,12 +11353,12 @@ msgstr ""
 "для забезпечення сумісності з реалізацією Active Directory у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr "ad_domain (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
@@ -11410,7 +11367,7 @@ msgstr ""
 "буде використано назву домену з налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
@@ -11419,7 +11376,7 @@ msgstr ""
 "малими літерами повної версії назви домену Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
@@ -11428,12 +11385,12 @@ msgstr ""
 "автоматично визначається засобами SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr "ad_enabled_domains (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -11445,7 +11402,7 @@ msgstr ""
 "домени з лісу AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -11455,7 +11412,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -11466,7 +11423,7 @@ msgstr ""
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
@@ -11475,12 +11432,12 @@ msgstr ""
 "автоматично визначається засобами SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr "ad_server, ad_backup_server (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -11492,7 +11449,7 @@ msgstr ""
 "quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
@@ -11502,7 +11459,7 @@ msgstr ""
 "«ПОШУК СЛУЖБ»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
@@ -11511,12 +11468,12 @@ msgstr ""
 "якщо основний сервер явним чином визначено у параметрі ad_server."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr "ad_hostname (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -11527,7 +11484,7 @@ msgstr ""
 "розпізнавання цього вузла."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
@@ -11537,12 +11494,12 @@ msgstr ""
 "вузла, для якого випущено таблицю ключів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr "ad_enable_dns_sites (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -11560,12 +11517,12 @@ msgstr ""
 "сайтів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr "ad_access_filter (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -11578,7 +11535,7 @@ msgstr ""
 "значення «ad», щоб цей параметр почав діяти."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -11591,7 +11548,7 @@ msgstr ""
 "«FOREST» або ключове слово слід пропустити."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -11604,7 +11561,7 @@ msgstr ""
 "вказаного значенням «НАЗВА»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
@@ -11613,7 +11570,7 @@ msgstr ""
 "визначення фільтрів у базах для пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -11635,7 +11592,7 @@ msgstr ""
 "відповідності у LDAP</ulink>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -11649,7 +11606,7 @@ msgstr ""
 "специфікацією, використовуватиметься лише перший з них."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -11679,12 +11636,12 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr "ad_site (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
@@ -11693,12 +11650,12 @@ msgstr ""
 "вказано, виконуватиметься спроба автоматичного визначення сайта AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr "ad_enable_gc (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -11712,7 +11669,7 @@ msgstr ""
 "SSSD встановлюватиме зв’язок лише з портом LDAP поточного сервера AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -11727,12 +11684,12 @@ msgstr ""
 "групах для різних доменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr "ad_gpo_access_control (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -11747,7 +11704,7 @@ msgstr ""
 "«access_provider» значення «ad»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
@@ -11757,15 +11714,19 @@ msgstr ""
 "користувач увійти до системи певного вузла мережі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
 "supported. Host entries in the list have no effect."
 msgstr ""
+"Зауваження: у поточній версії SSSD не передбачено підтримки записів вузлів "
+"(комп'ютерів) до списку «Фільтрування захисту» («Security Filtering») GPO. "
+"Передбачено підтримку лише записів користувачів і груп. Записи вузлів у "
+"списку ні на що не впливатимуть."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -11788,12 +11749,12 @@ msgstr ""
 "режиму (enforcing)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr "У цього параметра є три підтримуваних значення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
@@ -11801,14 +11762,14 @@ msgstr ""
 "використовуються примусово."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 "enforcing: правила керування доступом, засновані на GPO, обробляються і "
 "використовуються примусово."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -11821,22 +11782,22 @@ msgstr ""
 "enforcing."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr "Типове значення: permissive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr "Типове значення: enforcing"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr "ad_gpo_cache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -11847,12 +11808,12 @@ msgstr ""
 "короткого періоду часу надходить багато запитів щодо керування доступом."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr "ad_gpo_map_interactive (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -11863,7 +11824,7 @@ msgstr ""
 "InteractiveLogonRight і DenyInteractiveLogonRight."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
@@ -11873,7 +11834,7 @@ msgstr ""
 "вхід» («Deny log on locally»)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -11883,7 +11844,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -11902,79 +11863,79 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 "Типове значення: типовий набір назв служб PAM складається з таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr "login"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr "su"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr "su-l"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr "gdm-fingerprint"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr "gdm-password"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr "gdm-smartcard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr "kdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr "lightdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr "lxdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr "sddm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr "unity"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr "xdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr "ad_gpo_map_remote_interactive (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -11985,7 +11946,7 @@ msgstr ""
 "DenyRemoteInteractiveLogonRight."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -11997,7 +11958,7 @@ msgstr ""
 "служб віддаленої стільниці» («Deny log on through Remote Desktop Services»)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -12007,7 +11968,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -12026,22 +11987,22 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr "sshd"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr "cockpit"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr "ad_gpo_map_network (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -12052,7 +12013,7 @@ msgstr ""
 "DenyNetworkLogonRight."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -12064,7 +12025,7 @@ msgstr ""
 "мережі» (Deny access to this computer from the network»)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -12074,7 +12035,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -12093,22 +12054,22 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr "ftp"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr "samba"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr "ad_gpo_map_batch (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -12119,7 +12080,7 @@ msgstr ""
 "DenyBatchLogonRight."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
@@ -12129,7 +12090,7 @@ msgstr ""
 "job») і «Заборонити вхід як пакетне завдання» («Deny log on as a batch job»)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -12139,7 +12100,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -12158,17 +12119,17 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr "crond"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr "ad_gpo_map_service (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -12179,7 +12140,7 @@ msgstr ""
 "DenyServiceLogonRight."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
@@ -12189,7 +12150,7 @@ msgstr ""
 "«Заборонити вхід як службу» («Deny log on as a service»)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -12199,7 +12160,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -12216,12 +12177,12 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr "ad_gpo_map_permit (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
@@ -12230,7 +12191,7 @@ msgstr ""
 "основі GPO, незалежно від будь-яких прав входу GPO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -12240,7 +12201,7 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -12259,32 +12220,32 @@ msgstr ""
 "type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr "polkit-1"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr "sudo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr "sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr "systemd-user"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr "ad_gpo_map_deny (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
@@ -12293,7 +12254,7 @@ msgstr ""
 "на основі GPO, незалежно від будь-яких прав входу GPO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -12303,12 +12264,12 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr "ad_gpo_default_right (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -12330,57 +12291,57 @@ msgstr ""
 "забороняла доступ для непов’язаних назв служб PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr "Передбачені значення для цього параметра:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr "interactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr "remote_interactive"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr "network"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr "batch"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr "service"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr "permit"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr "deny"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr "Типове значення: deny"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr "ad_maximum_machine_account_password_age (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -12391,24 +12352,17 @@ msgstr ""
 "Значення 0 вимкне спроби оновлення."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr "Типове значення: 30 днів"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr "ad_machine_account_password_renewal_opts (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
-#, fuzzy
-#| msgid ""
-#| "This option should only be used to test the machine account renewal task. "
-#| "The option expect 2 integers seperated by a colon (':'). The first "
-#| "integer defines the interval in seconds how often the task is run. The "
-#| "second specifies the inital timeout in seconds before the task is run for "
-#| "the first time after startup."
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -12417,18 +12371,18 @@ msgid ""
 "first time after startup."
 msgstr ""
 "Цей параметр має використовуватися лише для перевірки завдання із оновлення "
-"облікових записів комп'ютерів. Параметру слід передати 2 цілих числа, "
+"облікових записів комп'ютерів. Параметру слід передати  цілих числа, "
 "відокремлених двокрапкою («:»). Перше ціле число визначає інтервал у "
 "секундах між послідовними повторними виконаннями завдання з оновлення. Друге "
 "— визначає початковий час очікування на перший запуск завдання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr "Типове значення: 86400:750 (24 годин і 15 хвилин)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -12445,12 +12399,12 @@ msgstr ""
 "якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr "Типове значення: 3600 (секунд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
@@ -12459,7 +12413,7 @@ msgstr ""
 "для з’єднання LDAP AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -12476,12 +12430,12 @@ msgstr ""
 "значення."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr "Типове значення: True"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -12492,7 +12446,7 @@ msgstr ""
 "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -12516,7 +12470,7 @@ msgstr ""
 "ad_domain = example.com\n"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -12528,7 +12482,7 @@ msgstr ""
 "ldap_account_expire_policy = ad\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -12540,7 +12494,7 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -12555,7 +12509,7 @@ msgstr ""
 "шифрування) вручну."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
@@ -12565,8 +12519,8 @@ msgstr ""
 "використовується схема прив'язки атрибутів RFC2307 (nisMap, nisObject, ...), "
 "оскільки ці атрибути включено до типової схеми Active Directory."
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -12987,13 +12941,13 @@ msgstr ""
 msgid ""
 "This option is deprecated. It is replaced by <option>--logger=files</option>."
 msgstr ""
+"Цей параметр вважається застарілим. Його замінено параметром <option>--"
+"logger=files</option>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
-msgstr "<option>--debug</option> <replaceable>РІВЕНЬ</replaceable>"
+msgstr "<option>--logger=</option><replaceable>значення</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -13002,41 +12956,39 @@ msgid ""
 "of the deprecated option <option>--debug-to-files</option>. The deprecated "
 "option will still work if the <option>--logger</option> is not used."
 msgstr ""
+"Місце, куди SSSD надсилатиме повідомлення журналу. Значення цього параметра "
+"має вищий пріоритет за значення застарілого параметра <option>--debug-to-"
+"files</option>. Застарілий параметр працюватиме, якщо не використано "
+"параметр <option>--logger</option>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:112
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
 "output."
 msgstr ""
-"<emphasis>1</emphasis>: додати часову позначку до діагностичних повідомлень."
+"<emphasis>stderr</emphasis>: переспрямувати діагностичні повідомлення до "
+"стандартного виведення помилок."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:116
-#, fuzzy
-#| msgid ""
-#| "Send the debug output to files instead of stderr. By default, the log "
-#| "files are stored in <filename>/var/log/sssd</filename> and there are "
-#| "separate log files for every SSSD service and domain."
 msgid ""
 "<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
 "default, the log files are stored in <filename>/var/log/sssd</filename> and "
 "there are separate log files for every SSSD service and domain."
 msgstr ""
-"Надіслати діагностичні дані до файлів, а не до stderr. Типово файли журналів "
-"зберігаються у <filename>/var/log/sssd</filename>, передбачено також окремий "
-"журнал для кожної служби і домену SSSD."
+"<emphasis>files</emphasis>: переспрямувати діагностичні повідомлення до "
+"файлів журналу. Типово файли журналів зберігаються у <filename>/var/log/"
+"sssd</filename>, передбачено також окремий журнал для кожної служби і домену "
+"SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:122
-#, fuzzy
-#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
 msgid ""
 "<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
 msgstr ""
-"<emphasis>1</emphasis>: додати часову позначку до діагностичних повідомлень."
+"<emphasis>journald</emphasis>: переспрямувати діагностичні повідомлення до "
+"systemd-journald"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:132
@@ -13244,7 +13196,7 @@ msgstr ""
 "Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -15157,10 +15109,8 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-#, fuzzy
-#| msgid "change debug level while SSSD is running"
 msgid "[DEPRECATED] change debug level while SSSD is running"
-msgstr "змінити рівень діагностики протягом сеансу роботи з SSSD"
+msgstr "[ЗАСТАРІЛИЙ] змінити рівень діагностики протягом сеансу роботи з SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_debuglevel.8.xml:21
@@ -15180,6 +15130,9 @@ msgid ""
 "debug-level command. Please refer to the <command>sssctl</command> man page "
 "for more information on sssctl usage."
 msgstr ""
+"<command>sss_debuglevel</command> вважається застарілим, його замінено "
+"командою debug-level sssctl. Будь ласка, зверніться до сторінки підручника "
+"щодо <command>sssctl</command>, щоб дізнатися більше про використання sssctl."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_seed.8.xml:10 sss_seed.8.xml:15
@@ -15782,8 +15735,100 @@ msgstr ""
 "<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
 "\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+#, fuzzy
+#| msgid "p11_child_timeout (integer)"
+msgid "p11_child_timeout"
+msgstr "p11_child_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+#, fuzzy
+#| msgid "certificate_verification (string)"
+msgid "certificate_verification"
+msgstr "certificate_verification (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+"З докладнішими відомостями щодо параметра «dns_discovery_domain» можна "
+"ознайомитися на сторінці підручника (man) <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
@@ -15791,12 +15836,12 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr "СТАН ВИХОДУ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -15909,8 +15954,6 @@ msgstr "idmap_sss"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-#, fuzzy
-#| msgid "SSSSD's idmap_sss Backend for Winbind"
 msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr "Модуль idmap_sss SSSD для Winbind"
 
@@ -16065,14 +16108,65 @@ msgstr ""
 "інтерфейсів SSSD, зокрема <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+#, fuzzy
+#| msgid "pwfield (string)"
+msgid "passwd_files (string)"
+msgstr "pwfield (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: /etc/pki/nssdb"
+msgid "Default: /etc/passwd"
+msgstr "Типове значення: /etc/pki/nssdb"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+#, fuzzy
+#| msgid "groups (string)"
+msgid "group_files (string)"
+msgstr "groups (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: nisNetgroup"
+msgid "Default: /etc/group"
+msgstr "Типове значення: nisNetgroup"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
-msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+#, fuzzy
+#| msgid ""
+#| "The files provider has no specific options of its own, however, generic "
+#| "SSSD domain options can be set where applicable.  Refer to the section "
+#| "<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
+#| "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
+#| "for details on the configuration of an SSSD domain."
+msgid ""
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 "Засіб надання даних файлів не має власних специфічних параметрів. Втім, "
 "можна використовувати загальні параметри доменів SSSD там, де це є доречним. "
@@ -16082,7 +16176,7 @@ msgstr ""
 "SSSD. "
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
@@ -16092,7 +16186,7 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -16147,15 +16241,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:45
-#, fuzzy
-#| msgid ""
-#| "The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
-#| "project was born to deal with this problem in cloud like environments, "
-#| "but we found the idea compelling even at a single system level. As a "
-#| "security service, SSSD is ideal to host this capability while offering "
-#| "the same API via a Unix Socket. This will make it possible to use local "
-#| "calls and have them transparently routed to a local or a remote key "
-#| "management store like IPA Vault for storage, escrow and recovery."
 msgid ""
 "The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
 "project was born to deal with this problem in cloud like environments, but "
@@ -16170,7 +16255,7 @@ msgstr ""
 "але нам ця ідея здалася вартою уваги навіть на рівні окремої ізольованої "
 "системи. Як служба захисту, SSSD є ідеальним місцем для реалізації такої "
 "можливості з доступом до відповідного програмного інтерфейсу через сокети "
-"Unix. Така реалізація уможливлює використання локальних викликів і належну "
+"UNIX. Така реалізація уможливлює використання локальних викликів і належну "
 "маршрутизацію до локального або віддаленого сховища ключів, зокрема сховища "
 "IPA, для зберігання, депонування і відновлення даних."
 
@@ -16190,37 +16275,27 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:69
-#, fuzzy
-#| msgid "sssd-secrets"
 msgid "secrets"
-msgstr "sssd-secrets"
+msgstr "secrets"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:70
 msgid "secrets for general usage"
-msgstr ""
+msgstr "записи реєстраційних даних для загального використання"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:73
-#, fuzzy
-#| msgid "kdm"
 msgid "kcm"
-msgstr "kdm"
+msgstr "kcm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:75
-#, fuzzy
-#| msgid ""
-#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
-#| "permissions on a newly created home directory."
 msgid ""
 "used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> service."
 msgstr ""
-"Використовується <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> для визначення типових прав доступу "
-"до щойно створеного домашнього каталогу."
+"використовується службою <citerefentry> <refentrytitle>sssd-kcm</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:61
@@ -16232,6 +16307,13 @@ msgid ""
 "configuration subsection named after the hive. The currently supported hives "
 "are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Оскільки відповідач реєстраційних даних може використовуватися ззовні для "
+"зберігання загальних реєстраційних даних, як це описано у решті цієї "
+"сторінки підручника, і всередині іншими компонентами SSSD для зберігання "
+"власних реєстраційних даних, можна налаштувати деякі параметри, зокрема "
+"квоти для окремих записів <quote>hive</quote> у підрозділі налаштувань із "
+"назвою відповідного рою. Підтримувані у поточній версії рої: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-secrets.5.xml:89
@@ -16311,6 +16393,11 @@ msgid ""
 "in <filename>sssd.conf</filename>. Please note that some options, notably as "
 "the provider type, can only be specified in the per-user subsections."
 msgstr ""
+"Відповідач реєстраційних даних налаштовується за допомогою загального "
+"розділу <quote>[secrets]</quote> і необов'язкових розділів <quote>[secrets/"
+"users/$uid]</quote> для окремих користувачів у <filename>sssd.conf</"
+"filename>. Будь ласка, зауважте, що деякі параметра, зокрема тип "
+"постачальника даних, можна вказати лише у підрозділах окремих користувачів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:141
@@ -16350,15 +16437,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:144
-#, fuzzy
-#| msgid ""
-#| "This option specifies where should the secrets be stored. The secrets "
-#| "responder can configure a per-user subsections that define which provider "
-#| "store the secrets for this particular user. The per-user subsections "
-#| "should contain all options for that user's provider. If a per-user "
-#| "section does not exist, the global settings from the secret responder's "
-#| "section are used.  The following providers are supported: <placeholder "
-#| "type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
 "responder can configure a per-user subsections (e.g. <quote>[secrets/"
@@ -16371,13 +16449,16 @@ msgid ""
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 "Цей параметр визначає, де слід зберігати реєстраційні дані. Відповідач "
-"реєстраційних даних може налаштувати підрозділи для окремих користувачів, "
-"які визначатимуть, яке сховище відповідача зберігатиме дані певного "
-"користувача. Підрозділи окремих користувачів мають містити усі параметри "
-"відповідного засобу надання даних користувача. Якщо окремого підрозділу "
-"користувача не існує, буде використано загальні параметри відповідача "
-"реєстраційних даних. Передбачено підтримку таких відповідачів: <placeholder "
-"type=\"variablelist\" id=\"0\"/>"
+"реєстраційних даних може налаштувати підрозділи для окремих користувачів "
+"(наприклад, <quote>[secrets/users/123]</quote> — див. нижню частину цієї "
+"сторінки підручників, де наведено повний приклад використання Custodia для "
+"окремого користувача), які визначатимуть, яке сховище відповідача "
+"зберігатиме дані певного користувача. Підрозділи окремих користувачів мають "
+"містити усі параметри відповідного засобу надання даних користувача. Будь "
+"ласка, зауважте, що у поточній версії загальний постачальних даних з завжди "
+"локальним, а проміжного постачальника можна вказати лише для окремого "
+"користувача у відповідному розділі. Передбачено підтримку таких "
+"відповідачів: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:180
@@ -16391,6 +16472,9 @@ msgid ""
 "therefore should be set in a per-hive subsection. Setting the option to 0 "
 "means \"unlimited\"."
 msgstr ""
+"Наведені нижче параметри стосуються лише записів реєстраційних даних "
+"<quote>hive</quote> і тому їх слід встановлювати у підрозділах окремих роїв. "
+"Встановлення значення параметра 0 означає «без обмежень»."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:192
@@ -16415,44 +16499,36 @@ msgstr "max_secrets (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:207
-#, fuzzy
-#| msgid ""
-#| "This option specifies the maximum number of secrets that can be stored."
 msgid ""
 "This option specifies the maximum number of secrets that can be stored in "
 "the hive."
 msgstr ""
 "Цей параметр визначає максимальну кількість записів реєстраційних даних, які "
-"можна зберігати."
+"можна зберігати у рою."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:211
 msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
-msgstr ""
+msgstr "Типове значення: 1024 (рій реєстраційних даних), 256 (рій kcm)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:216
-#, fuzzy
-#| msgid "max_secrets (integer)"
 msgid "max_uid_secrets (integer)"
-msgstr "max_secrets (ціле значення)"
+msgstr "max_uid_secrets (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:219
-#, fuzzy
-#| msgid ""
-#| "This option specifies the maximum number of secrets that can be stored."
 msgid ""
 "This option specifies the maximum number of secrets that can be stored per-"
 "UID in the hive."
 msgstr ""
 "Цей параметр визначає максимальну кількість записів реєстраційних даних, які "
-"можна зберігати."
+"можна зберігати окремо для різних UID у рою."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-secrets.5.xml:223
 msgid "Default: 256 (secrets hive), 64 (kcm hive)"
-msgstr ""
+msgstr "Типове значення: 256 (рій реєстраційних даних), 64 (рій kcm)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-secrets.5.xml:228
@@ -16472,6 +16548,7 @@ msgstr ""
 #: sssd-secrets.5.xml:235
 msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
 msgstr ""
+"Типове значення: 16 (рій реєстраційних даних), 65536 (64 МіБ) (рій kcm)"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-secrets.5.xml:244
@@ -16484,21 +16561,22 @@ msgid ""
 "max_payload_size = 256\n"
 "            "
 msgstr ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:241
-#, fuzzy
-#| msgid ""
-#| "To manipulate secrets under this container, just nest the secrets "
-#| "underneath the container path: <placeholder type=\"programlisting\" id="
-#| "\"0\"/>"
 msgid ""
 "For example, to adjust quotas differently for both the <quote>secrets</"
 "quote> and the <quote>kcm</quote> hives, configure the following: "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Щоб працювати із записами реєстраційних даних у цьому контейнері, просто "
-"вкладіть записи реєстраційних даних до шляху контейнера: <placeholder type="
+"Наприклад, щоб встановити різні квоти для роїв <quote>secrets</quote> та "
+"<quote>kcm</quote>, скористайтеся такими рядками: <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -17140,27 +17218,17 @@ msgstr ""
 "        "
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
-msgstr ""
+msgstr "sssd-session-recording"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-session-recording.5.xml:17
-#, fuzzy
-#| msgid "Configuring sudo to cooperate with SSSD"
 msgid "Configuring session recording with SSSD"
-msgstr "Налаштовування sudo на співпрацю з SSSD"
+msgstr "Налаштовування записів сеансів за допомогою SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
 msgid ""
 "This manual page describes how to configure <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
@@ -17171,12 +17239,15 @@ msgid ""
 "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"На цій сторінці довідника описано налаштування простого засобу керування "
-"доступом для <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис "
-"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
+"На цій сторінці підручника описано налаштовування <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"на роботу з <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, частиною пакунка tlog, для "
+"реалізації записування сеансів користувачів у текстових терміналах. "
+"Докладний довідник щодо синтаксису налаштувань можна знайти у розділі "
+"<quote>ФОРМАТ ФАЙЛА</quote> сторінки підручника з <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:41
@@ -17187,6 +17258,12 @@ msgid ""
 "tlog-rec-session is started upon user login, so it can record according to "
 "its configuration."
 msgstr ""
+"SSSD можна налаштувати так, щоб уможливити запис усіх даних, які бачать або "
+"вводять протягом сеансу у текстових терміналах вказані користувачі. "
+"Наприклад, можна записувати дані щодо входу користувачів за допомогою "
+"консолі або SSH. Сама SSSD нічого не записує, а лише забезпечує запуск tlog-"
+"rec-session під час входу до системи користувача, щоб можна було здійснювати "
+"запис відповідно до налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:48
@@ -17197,14 +17274,17 @@ msgid ""
 "tlog-rec-session can be started in place of the user shell, and know which "
 "actual shell to start, once it set up the recording."
 msgstr ""
+"Для користувачів, для яких увімкнено запис сеансів, SSSD замінює командну "
+"оболонку користувача на tlog-rec-session у відповідях NSS і додає змінну, "
+"яка вказує на початкову командну оболонку до середовища користувача у "
+"налаштування сеансу PAM. Таким чином забезпечується запуск tlog-rec-session "
+"замість командної оболонки користувача і надання даних про те, яку командну "
+"оболонку слід запустити, щойно розпочнеться записування."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure the PAC responder."
 msgid "These options can be used to configure the session recording."
-msgstr ""
-"Цими параметрами можна скористатися для налаштовування відповідача PAC."
+msgstr "Цими параметрами можна скористатися для налаштовування запису сеансів."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -17212,6 +17292,8 @@ msgid ""
 "The following snippet of sssd.conf enables session recording for users "
 "\"contractor1\" and \"contractor2\", and group \"students\"."
 msgstr ""
+"У наведеному нижче фрагменті файла sssd.conf увімкнено запис сеансів для "
+"користувачів contractor1 і contractor2» та групи students."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-session-recording.5.xml:151
@@ -17222,6 +17304,10 @@ msgid ""
 "users = contractor1, contractor2\n"
 "groups = students\n"
 msgstr ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
@@ -17378,12 +17464,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-kcm.8.xml:113
-#, fuzzy, no-wrap
-#| msgid ""
-#| "systemctl start sssd-kcm.socket\n"
-#| "systemctl enable sssd-kcm.socket\n"
-#| "systemctl enable sssd-kcm.service\n"
-#| "            "
+#, no-wrap
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
@@ -17391,7 +17472,6 @@ msgid ""
 msgstr ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -17421,12 +17501,7 @@ msgstr "СХОВИЩЕ КЕШУ РЕЄСТРАЦІЙНИХ ДАНИХ"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-kcm.8.xml:131
-#, fuzzy, no-wrap
-#| msgid ""
-#| "systemctl start sssd-secrets.socket\n"
-#| "systemctl enable sssd-secrets.socket\n"
-#| "systemctl enable sssd-secrets.service\n"
-#| "            "
+#, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
 "systemctl enable sssd-secrets.socket\n"
@@ -17434,7 +17509,6 @@ msgid ""
 msgstr ""
 "systemctl start sssd-secrets.socket\n"
 "systemctl enable sssd-secrets.socket\n"
-"systemctl enable sssd-secrets.service\n"
 "            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -17522,31 +17596,24 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-systemtap"
-msgstr "sssd-simple"
+msgstr "sssd-systemtap"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-systemtap.5.xml:17
 msgid "SSSD systemtap information"
-msgstr ""
+msgstr "Дані systemtap SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "The detailed instructions for configuration of sudo_provider are in the "
-#| "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry>."
 msgid ""
 "This manual page provides information about the systemtap functionality in "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 "</citerefentry>."
 msgstr ""
-"Докладні настанов щодо налаштовування sudo_provider можна знайти на сторінці "
-"довідника (man) <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>."
+"Цю сторінку підручника присвячено функціональним можливостям systemtap у "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-systemtap.5.xml:32
@@ -17554,11 +17621,14 @@ msgid ""
 "SystemTap Probe points have been added into various locations in SSSD code "
 "to assist in troubleshooting and analyzing performance related issues."
 msgstr ""
+"Точки зондування SystemTap додано до різноманітних частин коду SSSD, щоб "
+"полегшити усування вад та аналіз пов'язаних зі швидкодією проблем."
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-systemtap.5.xml:40
 msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
 msgstr ""
+"Зразки скриптів SystemTap зберігаються у каталозі /usr/share/sssd/systemtap/"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-systemtap.5.xml:46
@@ -17567,11 +17637,13 @@ msgid ""
 "tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
 "respectively."
 msgstr ""
+"Зонди і різноманітні функції визначено у /usr/share/systemtap/tapset/sssd."
+"stp і /usr/share/systemtap/tapset/sssd_functions.stp, відповідно."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-systemtap.5.xml:57
 msgid "PROBE POINTS"
-msgstr ""
+msgstr "ТОЧКИ ЗОНДУВАННЯ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
@@ -17579,18 +17651,18 @@ msgid ""
 "The information below lists the probe points and arguments available in the "
 "following format:"
 msgstr ""
+"Дані у наведених нижче списках точок зондування та аргументів записано у "
+"такому форматі:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:64
-#, fuzzy
-#| msgid "realm name"
 msgid "probe $name"
-msgstr "назва області"
+msgstr "зонд $назва"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:67
 msgid "Description of probe point"
-msgstr ""
+msgstr "Опис точки зондування"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:70
@@ -17602,22 +17674,27 @@ msgid ""
 "...\n"
 "                        "
 msgstr ""
+"змінна1:тип даних\n"
+"змінна2:тип даних\n"
+"змінна3:тип даних\n"
+"...\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd-systemtap.5.xml:80
 msgid "Database Transaction Probes"
-msgstr ""
+msgstr "Зонди операцій із базою даних"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:84
 msgid "probe sssd_transaction_start"
-msgstr ""
+msgstr "зонд sssd_transaction_start"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:87
 msgid ""
 "Start of a sysdb transaction, probes the sysdb_transaction_start() function."
-msgstr ""
+msgstr "Розпочати операцію sysdb, зондує функцію sysdb_transaction_start()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
@@ -17628,11 +17705,14 @@ msgid ""
 "probestr:string\n"
 "                        "
 msgstr ""
+"nesting:ціле число\n"
+"probestr:рядок\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:97
 msgid "probe sssd_transaction_cancel"
-msgstr ""
+msgstr "зонд sssd_transaction_cancel"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:100
@@ -17640,43 +17720,42 @@ msgid ""
 "Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
 "function."
 msgstr ""
+"Скасовування операції sysdb, зондує функцію sysdb_transaction_cancel() ."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:111
 msgid "probe sssd_transaction_commit_before"
-msgstr ""
+msgstr "зонд sssd_transaction_commit_before"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:114
 msgid "Probes the sysdb_transaction_commit_before()  function."
-msgstr ""
+msgstr "Зондує функцію sysdb_transaction_commit_before()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:124
 msgid "probe sssd_transaction_commit_after"
-msgstr ""
+msgstr "зонд sssd_transaction_commit_after"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:127
 msgid "Probes the sysdb_transaction_commit_after()  function."
-msgstr ""
+msgstr "Зондує функцію sysdb_transaction_commit_after()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd-systemtap.5.xml:141
 msgid "LDAP Search Probes"
-msgstr ""
+msgstr "Зонди пошуку у LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:145
-#, fuzzy
-#| msgid "ldap_search_base,"
 msgid "probe sdap_search_send"
-msgstr "ldap_search_base,"
+msgstr "зонд sdap_search_send"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:148
 msgid "Probes the sdap_get_generic_ext_send()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_get_generic_ext_send()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
@@ -17688,28 +17767,31 @@ msgid ""
 "probestr:string\n"
 "                        "
 msgstr ""
+"base:рядок\n"
+"scope:ціле число\n"
+"filter:рядок\n"
+"probestr:рядок\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:160
-#, fuzzy
-#| msgid "ldap_search_base,"
 msgid "probe sdap_search_recv"
-msgstr "ldap_search_base,"
+msgstr "зонд sdap_search_recv"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:163
 msgid "Probes the sdap_get_generic_ext_recv()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_get_generic_ext_recv()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:175
 msgid "probe sdap_deref_send"
-msgstr ""
+msgstr "зонд sdap_deref_send"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:178
 msgid "Probes the sdap_deref_search_send()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_deref_search_send()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:182
@@ -17720,31 +17802,35 @@ msgid ""
 "probestr:string\n"
 "                        "
 msgstr ""
+"base_dn:рядок\n"
+"deref_attr:рядок\n"
+"probestr:рядок\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:189
 msgid "probe sdap_deref_recv"
-msgstr ""
+msgstr "зонд sdap_deref_recv"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:192
 msgid "Probes the sdap_deref_search_recv()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_deref_search_recv()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd-systemtap.5.xml:208
 msgid "LDAP Account Request Probes"
-msgstr ""
+msgstr "Зонди запитів щодо облікових записів у LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:212
 msgid "probe sdap_acct_req_send"
-msgstr ""
+msgstr "зонд sdap_acct_req_send"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:215
 msgid "Probes the sdap_acct_req_send()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_acct_req_send()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
@@ -17756,90 +17842,92 @@ msgid ""
 "extra_value:string\n"
 "                       "
 msgstr ""
+"entry_type:ціле число\n"
+"filter_type:ціле число\n"
+"filter_value:рядок\n"
+"extra_value:рядок\n"
+"                       "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:227
 msgid "probe sdap_acct_req_recv"
-msgstr ""
+msgstr "зонд sdap_acct_req_recv"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:230
 msgid "Probes the sdap_acct_req_recv()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_acct_req_recv()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd-systemtap.5.xml:246
 msgid "LDAP User Search Probes"
-msgstr ""
+msgstr "Зонди пошуку користувачів у LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:250
 msgid "probe sdap_search_user_send"
-msgstr ""
+msgstr "зонд sdap_search_user_send"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:253
 msgid "Probes the sdap_search_user_send()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_search_user_send()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
 #: sssd-systemtap.5.xml:293
-#, fuzzy, no-wrap
-#| msgid ""
-#| "fallback_homedir = /home/%u\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "filter:string\n"
 "                       "
 msgstr ""
-"fallback_homedir = /home/%u\n"
-"                            "
+"filter:рядок\n"
+"                       "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:262
 msgid "probe sdap_search_user_recv"
-msgstr ""
+msgstr "зонд sdap_search_user_recv"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:265
 msgid "Probes the sdap_search_user_recv()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_search_user_recv()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:274
 msgid "probe sdap_search_user_save_begin"
-msgstr ""
+msgstr "зонд sdap_search_user_save_begin"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:277
 msgid "Probes the sdap_search_user_save_begin()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_search_user_save_begin()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:286
 msgid "probe sdap_search_user_save_end"
-msgstr ""
+msgstr "зонд sdap_search_user_save_end"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:289
 msgid "Probes the sdap_search_user_save_end()  function."
-msgstr ""
+msgstr "Зондує функцію sdap_search_user_save_end()."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd-systemtap.5.xml:302
 msgid "Data Provider Request Probes"
-msgstr ""
+msgstr "Зонди запитів до постачальника даних"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:306
 msgid "probe dp_req_send"
-msgstr ""
+msgstr "зонд dp_req_send"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:309
 msgid "A Data Provider request is submitted."
-msgstr ""
+msgstr "Подано запит до постачальника даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:312
@@ -17851,16 +17939,21 @@ msgid ""
 "dp_req_method:int\n"
 "                       "
 msgstr ""
+"dp_req_domain:рядок\n"
+"dp_req_name:рядок\n"
+"dp_req_target:ціле число\n"
+"dp_req_method:ціле число\n"
+"                       "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:320
 msgid "probe dp_req_done"
-msgstr ""
+msgstr "зонд dp_req_done"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:323
 msgid "A Data Provider request is completed."
-msgstr ""
+msgstr "Завершено виконання запиту до постачальника даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-systemtap.5.xml:326
@@ -17873,21 +17966,27 @@ msgid ""
 "dp_errorstr:string\n"
 "                       "
 msgstr ""
+"dp_req_name:рядок\n"
+"dp_req_target:ціле число\n"
+"dp_req_method:ціле число\n"
+"dp_ret:ціле число\n"
+"dp_errorstr:рядок\n"
+"                       "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sssd-systemtap.5.xml:339
 msgid "MISCELLANEOUS FUNCTIONS"
-msgstr ""
+msgstr "РІЗНОМАНІТНІ ФУНКЦІЇ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:346
 msgid "function acct_req_desc(entry_type)"
-msgstr ""
+msgstr "функція acct_req_desc(entry_type)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:349
 msgid "Convert entry_type to string and return string"
-msgstr ""
+msgstr "Перетворення entry_type на рядок і повернення рядка"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:354
@@ -17895,31 +17994,33 @@ msgid ""
 "function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
 "filter_value, extra_value)"
 msgstr ""
+"функція sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:358
 msgid "Create probe string based on filter type"
-msgstr ""
+msgstr "Створення рядка зонду на основі типу фільтрування"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:363
 msgid "function dp_target_str(target)"
-msgstr ""
+msgstr "функція dp_target_str(target)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:366
 msgid "Convert target to string and return string"
-msgstr ""
+msgstr "Перетворення target на рядок і повернення рядка"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 #: sssd-systemtap.5.xml:371
 msgid "function dp_method_str(target)"
-msgstr ""
+msgstr "функція dp_method_str(target)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd-systemtap.5.xml:374
 msgid "Convert method to string and return string"
-msgstr ""
+msgstr "Перетворення методу на рядок і повернення рядка"
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
@@ -18126,6 +18227,7 @@ msgstr ""
 #: include/failover.xml:53
 msgid "Failover time outs and tuning"
 msgstr ""
+"Час очікування на перемикання на резервний ресурс та точне налаштовування"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:55
@@ -18140,25 +18242,31 @@ msgid ""
 "timing out before a live server is contacted, you can consider changing the "
 "time outs."
 msgstr ""
+"Для визначення сервера для з'єднання достатньо одного запиту DNS або "
+"декількох кроків, зокрема визначення відповідного сайта або спроба "
+"використати декілька назв вузлів у випадку, якщо якісь із налаштованих "
+"серверів недоступні. Складніші сценарії можуть потребувати додаткового часу, "
+"а SSSD треба збалансувати надання достатнього часу для завершення процесу "
+"визначення і використання притомного часу на виконання цього запиту перед "
+"переходом до автономного режиму. Якщо діагностичний журнал SSSD показує, що "
+"під час визначення сервера перевищено час очікування на з'єднання із "
+"працездатним сервером, варто змінити значення параметрів часу очікування."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:76
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_op_timeout"
-msgstr "dns_resolver_timeout (ціле число)"
+msgstr "dns_resolver_op_timeout"
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:80
 msgid "How long would SSSD talk to a single DNS server."
 msgstr ""
+"Наскільки довго SSSD обмінюватиметься інформацією із окремим сервером DNS."
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
 #: include/failover.xml:86
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
 msgid "dns_resolver_timeout"
-msgstr "dns_resolver_timeout (ціле число)"
+msgstr "dns_resolver_timeout"
 
 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: include/failover.xml:90
@@ -18167,37 +18275,45 @@ msgid ""
 "resolution internally might include several steps, such as resolving DNS SRV "
 "queries or locating the site."
 msgstr ""
+"Наскільки довго має чекати SSSD на визначення резервної служби надання "
+"даних. На внутрішньому рівні визначення такої служби може включати декілька "
+"кроків, зокрема визначення адрес запитів DNS SRV або пошук розташування "
+"сайта."
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:67
-#, fuzzy
-#| msgid ""
-#| "All of the common configuration options that apply to SSSD domains also "
-#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
-#| "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This section lists the available tunables. Please refer to their description "
 "in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
-"Всі загальні параметри налаштування, які стосуються доменів SSSD, також "
-"стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки "
-"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше.  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
+"У цьому розділі наведено списки доступних для коригування параметрів. Будь "
+"ласка, ознайомтеся із їхніми описами за допомогою сторінки підручника "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/failover.xml:100
+#, fuzzy
+#| msgid ""
+#| "For LDAP-based providers, the resolve operation is performed as part of "
+#| "an LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+#| "quote> timeout should be set to a larger value than "
+#| "<quote>dns_resolver_timeout</quote> which in turn should be set to a "
+#| "larger value than <quote>dns_resolver_op_timeout</quote>."
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
 msgstr ""
+"Для заснованих на LDAP постачальників даних дія з визначення виконується як "
+"частина дії зі встановлення з'єднання із LDAP. Тому слід також встановити "
+"для часу очікування <quote>ldap_opt_timeout></quote> значення, яке "
+"перевищуватиме значення <quote>dns_resolver_timeout</quote>, яке також має "
+"перевищувати значення <quote>dns_resolver_op_timeout</quote>."
 
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
@@ -18950,50 +19066,6 @@ msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/seealso.xml:4
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
-#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> "
-#| "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
-#| "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
-#| "\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
-#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
-#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>.  <citerefentry> <refentrytitle>sss_rpcidmapd</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>"
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
@@ -19055,34 +19127,37 @@ msgstr ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 
 #. type: Content of: <listitem><para>
 #: include/ldap_search_bases.xml:3
@@ -19339,6 +19414,23 @@ msgstr "ldap_account_expire_policy = ad"
 msgid "ldap_use_tokengroups = true"
 msgstr "ldap_use_tokengroups = true"
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""
@@ -19445,33 +19537,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier"
 #: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr "ldap_group_external_member = ipaExternalMember"
-
-#~ msgid ""
-#~ "Determines if a domain can be enumerated. This parameter can have one of "
-#~ "the following values:"
-#~ msgstr ""
-#~ "Визначає, чи можна нумерувати домен. Цей параметр може мати одне з таких "
-#~ "значень:"
-
-#~ msgid "Default: no set in the general case, userCertificate;binary for IPA"
-#~ msgstr ""
-#~ "Типове значення: не встановлено у загальному випадку, userCertificate;"
-#~ "binary для IPA"
-
-#~ msgid ""
-#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-#~ "running."
-#~ msgstr ""
-#~ "<command>sss_debuglevel</command> змінює рівень діагностики засобу "
-#~ "спостереження та надавачів даних SSSD на вказане значення "
-#~ "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable> під час роботи SSSD."
-
-#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-#~ msgstr "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable>"
-
-#~ msgid "Default: 1024"
-#~ msgstr "Типове значення: 1024"
-
-#~ msgid "Default: 16"
-#~ msgstr "Типове значення: 16"
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index 3d0e585..96d252a 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -6,19 +6,19 @@
 # Christopher Meng <cickumqt@gmail.com>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.16.1\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2018-03-09 12:30+0100\n"
-"PO-Revision-Date: 2014-12-15 12:16-0500\n"
+"POT-Creation-Date: 2018-06-08 21:00+0200\n"
+"PO-Revision-Date: 2014-12-15 12:16+0000\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
 "language/zh_CN/)\n"
-"Language: zh-CN\n"
+"Language: zh_CN\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.9.6\n"
+"X-Generator: Zanata 4.4.5\n"
 
 #. type: Content of: <reference><title>
 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -89,7 +89,7 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
 #: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "选项"
@@ -191,7 +191,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:41
 msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
 "(<quote>;</quote>).  Inline comments are not supported."
 msgstr ""
 
@@ -299,11 +299,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
-#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
-#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1521 sssd-ldap.5.xml:1840
+#: sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2630 sssd-ldap.5.xml:2648 sssd-ad.5.xml:227
+#: sssd-ad.5.xml:341 sssd-ad.5.xml:885 sssd-krb5.5.xml:499
+#: sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -320,8 +321,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
-#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:722
+#: sssd.conf.5.xml:1424 sssd.conf.5.xml:2983 sssd-ldap.5.xml:708
 #: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
 #: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
 #: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
@@ -355,7 +356,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1376 sssd.conf.5.xml:2999
 #: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
@@ -371,7 +372,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:3088
 msgid "Section parameters"
 msgstr ""
 
@@ -419,19 +420,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:614
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:617
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:622
 msgid "Default: 3"
 msgstr "默认： 3"
 
@@ -451,7 +452,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2597
 msgid "re_expression (string)"
 msgstr ""
 
@@ -471,12 +472,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2648
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2651
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -484,39 +485,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2662
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2663
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2666
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2669
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2675
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2678
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2659
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -640,9 +641,9 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1165 sssd-ldap.5.xml:679
 #: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
-#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
+#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:690 sssd-ad.5.xml:765 sssd.8.xml:126
 #: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
 #: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
 #: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
@@ -820,21 +821,22 @@ msgstr ""
 #: sssd.conf.5.xml:563
 msgid ""
 "Please, note that when this option is set the output format of all commands "
-"is always fully-qualified even when using short names for input.  In case "
-"the administrator wants the output not fully-qualified, the full_name_format "
-"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
-"However, keep in mind that during login, login applications often "
-"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
-"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
-"shortname is returned for a qualified input (while trying to reach a user "
-"which exists in multiple domains) might re-route the login attempt into the "
-"domain which users shortnames, making this workaround totally not "
-"recommended in cases where usernames may overlap between domains."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
-#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
+"is always fully-qualified even when using short names for input, for all "
+"users but the ones managed by the files provider.  In case the administrator "
+"wants the output not fully-qualified, the full_name_format option can be "
+"used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
+"mind that during login, login applications often canonicalize the username "
+"by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
+"for a qualified input (while trying to reach a user which exists in multiple "
+"domains) might re-route the login attempt into the domain which uses "
+"shortnames, making this workaround totally not recommended in cases where "
+"usernames may overlap between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588 sssd.conf.5.xml:1388 sssd.conf.5.xml:3049
+#: sssd-ad.5.xml:164 sssd-ad.5.xml:302 sssd-ad.5.xml:316
 msgid "Default: Not set"
 msgstr ""
 
@@ -850,12 +852,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:599
 msgid "SERVICES SECTIONS"
 msgstr "服务部分"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:600
+#: sssd.conf.5.xml:601
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -864,22 +866,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:607
+#: sssd.conf.5.xml:608
 msgid "General service configuration options"
 msgstr "基本服务配置选项"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:609
+#: sssd.conf.5.xml:610
 msgid "These options can be used to configure any service."
 msgstr "这些选项可被用于配置任何服务。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:627
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#: sssd.conf.5.xml:630
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -889,17 +891,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:638
+#: sssd.conf.5.xml:639
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:643
+#: sssd.conf.5.xml:644
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:647
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -909,18 +911,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
-#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
+#: sssd.conf.5.xml:656 sssd.conf.5.xml:688 sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1231 sssd-ldap.5.xml:1412
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:660
+#: sssd.conf.5.xml:661
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663
+#: sssd.conf.5.xml:664
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -928,24 +930,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:670
+#: sssd.conf.5.xml:671
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#: sssd.conf.5.xml:674
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:679
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:682
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -953,12 +955,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:692
+#: sssd.conf.5.xml:693
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:695
+#: sssd.conf.5.xml:696
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -970,58 +972,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:710 sssd.conf.5.xml:983 sssd.conf.5.xml:1616
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:714
+#: sssd.conf.5.xml:715
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:718
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:729
+#: sssd.conf.5.xml:730
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:731
+#: sssd.conf.5.xml:732
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:737
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739
+#: sssd.conf.5.xml:740
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:744
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:749
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:752
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1029,7 +1031,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:758
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1039,7 +1041,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:768
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1048,17 +1050,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:776 sssd.conf.5.xml:1445
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:781
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:784
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1066,34 +1068,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
+#: sssd.conf.5.xml:790 sssd.conf.5.xml:1469
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:795
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:797
+#: sssd.conf.5.xml:798
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
-"negative cache before trying to look it up in the back end again."
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
-msgid "Default: 0"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:804
+msgid "Default: 14400 (4 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1102,7 +1105,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:817
+#: sssd.conf.5.xml:819
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1111,41 +1114,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:825
+#: sssd.conf.5.xml:827
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:830
+#: sssd.conf.5.xml:832
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:833
+#: sssd.conf.5.xml:835
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:846
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:854
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:860
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1153,23 +1156,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1298 sssd.conf.5.xml:1317
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:864
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:873
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1177,47 +1180,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:879
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:883
+#: sssd.conf.5.xml:885
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:891
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:898
+#: sssd.conf.5.xml:900
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:906
+#: sssd.conf.5.xml:908
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1225,112 +1228,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:913
+#: sssd.conf.5.xml:915
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:918
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:920
+#: sssd.conf.5.xml:922
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:925
+#: sssd.conf.5.xml:927
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:928
+#: sssd.conf.5.xml:930
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:933
+#: sssd.conf.5.xml:935
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:938
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:942
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:947
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:950
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:956
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
+#: sssd.conf.5.xml:963 sssd.conf.5.xml:1224
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
+#: sssd.conf.5.xml:966 sssd.conf.5.xml:1227
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:975
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:976
+#: sssd.conf.5.xml:978
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid. Setting this option to zero will disable the in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:986
 msgid ""
 "WARNING: Disabling the in-memory cache will have significant negative impact "
 "on SSSD's performance and should only be used for testing."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
+#: sssd.conf.5.xml:992
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:1000 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001
+#: sssd.conf.5.xml:1003
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1341,96 +1344,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1016
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1021
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1029
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1034 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1035
+#: sssd.conf.5.xml:1037
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1045
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1047
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1052
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1053
+#: sssd.conf.5.xml:1055
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
+#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1073
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1064
+#: sssd.conf.5.xml:1066
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1067
+#: sssd.conf.5.xml:1069
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1079
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1082
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1087
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1438,59 +1441,59 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1191
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1099
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1102
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1105
+#: sssd.conf.5.xml:1107
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1110
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1111
+#: sssd.conf.5.xml:1113
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1118
+#: sssd.conf.5.xml:1120
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1122 sssd.8.xml:63
+#: sssd.conf.5.xml:1124 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1130
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
 msgid ""
 "A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
@@ -1499,61 +1502,61 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1141
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1148
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
+#: sssd.conf.5.xml:1149
 msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1152
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1151
+#: sssd.conf.5.xml:1153
 msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
+#: sssd.conf.5.xml:1157
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1158
 msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1146
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1166
+#: sssd.conf.5.xml:1168
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1174
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1561,7 +1564,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1183
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1570,17 +1573,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2078
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1201
+#: sssd.conf.5.xml:1203
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1588,26 +1591,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:1209 sssd.conf.5.xml:2081
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1214
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219 sssd.conf.5.xml:2904 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1236
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1237
+#: sssd.conf.5.xml:1239
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1617,74 +1625,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
+#: sssd.conf.5.xml:1249
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1263
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
+#: sssd.conf.5.xml:1267
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1269
+#: sssd.conf.5.xml:1271
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1275
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
-#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
+#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1304 sssd.conf.5.xml:1323
+#: sssd.conf.5.xml:1875 sssd.conf.5.xml:2840 sssd-ldap.5.xml:1968
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1284
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1285
+#: sssd.conf.5.xml:1287
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1692,19 +1700,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1307
+#: sssd.conf.5.xml:1309
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1312
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1712,12 +1720,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1326
+#: sssd.conf.5.xml:1328
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1329
+#: sssd.conf.5.xml:1331
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1725,58 +1733,82 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
+#: sssd.conf.5.xml:1337 sssd.conf.5.xml:2933 sssd-ldap.5.xml:1087
 #: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
 #: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1340
+#: sssd.conf.5.xml:1342
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1343
+#: sssd.conf.5.xml:1345
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1347
-msgid "Default: /etc/pki/nssdb (NSS version)"
+#: sssd.conf.5.xml:1349 sssd.conf.5.xml:1534
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default:"
+msgstr "默认： 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1351 sssd.conf.5.xml:1536
+msgid "/etc/pki/nssdb (NSS version, path to a NSS database)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1539
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with "
+"trusted CA certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1361 sssd.conf.5.xml:1546
+msgid "This man page was generated for the NSS version."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1364 sssd.conf.5.xml:1549
+msgid "This man page was generated for the OpenSSL version."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1352
+#: sssd.conf.5.xml:1369
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1372
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1364
+#: sssd.conf.5.xml:1381
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1367
+#: sssd.conf.5.xml:1384
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1397
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1382
+#: sssd.conf.5.xml:1399
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1787,24 +1819,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1399
+#: sssd.conf.5.xml:1416
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1402
+#: sssd.conf.5.xml:1419
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1431
 msgid "sudo_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1434
 msgid ""
 "Maximum number of expired rules that can be refreshed at once. If number of "
 "expired rules is below threshold, those rules are refreshed with "
@@ -1814,22 +1846,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1453
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1455
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1459
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445
+#: sssd.conf.5.xml:1462
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1837,68 +1869,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1461
+#: sssd.conf.5.xml:1478
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1480
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1467
+#: sssd.conf.5.xml:1484
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1470
+#: sssd.conf.5.xml:1487
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1479
+#: sssd.conf.5.xml:1496
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1482
+#: sssd.conf.5.xml:1499
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1503
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1491
-msgid "ca_db (string)"
+#: sssd.conf.5.xml:1508
+msgid "ssh_use_certificate_keys (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1494
+#: sssd.conf.5.xml:1511
 msgid ""
-"Path to a storage of trusted CA certificates. The option is used to validate "
-"user certificates before deriving public ssh keys from them."
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1526
+msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1499
-msgid "Default: /etc/pki/nssdb"
+#: sssd.conf.5.xml:1529
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1557
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1559
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1909,7 +1950,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1518
+#: sssd.conf.5.xml:1568
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1920,24 +1961,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1576
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1532
+#: sssd.conf.5.xml:1582
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1586 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1539
+#: sssd.conf.5.xml:1589
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1945,12 +1986,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1595
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1549
+#: sssd.conf.5.xml:1599
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1959,26 +2000,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1608
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1561
+#: sssd.conf.5.xml:1611
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1574
-#, fuzzy
-#| msgid "General service configuration options"
+#: sssd.conf.5.xml:1624
 msgid "Session recording configuration options"
-msgstr "基本服务配置选项"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1626
 msgid ""
 "Session recording works in conjunction with <citerefentry> "
 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -1988,70 +2027,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1589
-#, fuzzy
-#| msgid "These options can be used to configure any service."
+#: sssd.conf.5.xml:1639
 msgid "These options can be used to configure session recording."
-msgstr "这些选项可被用于配置任何服务。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
+#: sssd.conf.5.xml:1643 sssd-session-recording.5.xml:64
 msgid "scope (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
+#: sssd.conf.5.xml:1650 sssd-session-recording.5.xml:71
 msgid "\"none\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
+#: sssd.conf.5.xml:1653 sssd-session-recording.5.xml:74
 msgid "No users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:79
 msgid "\"some\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
+#: sssd.conf.5.xml:1661 sssd-session-recording.5.xml:82
 msgid ""
 "Users/groups specified by <replaceable>users</replaceable> and "
 "<replaceable>groups</replaceable> options are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
+#: sssd.conf.5.xml:1670 sssd-session-recording.5.xml:91
 msgid "\"all\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
+#: sssd.conf.5.xml:1673 sssd-session-recording.5.xml:94
 msgid "All users are recorded."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
+#: sssd.conf.5.xml:1646 sssd-session-recording.5.xml:67
 msgid ""
 "One of the following strings specifying the scope of session recording: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1680 sssd-session-recording.5.xml:101
 msgid "Default: \"none\""
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
+#: sssd.conf.5.xml:1685 sssd-session-recording.5.xml:106
 msgid "users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
+#: sssd.conf.5.xml:1688 sssd-session-recording.5.xml:109
 msgid ""
 "A comma-separated list of users which should have session recording enabled. "
 "Matches user names as returned by NSS. I.e. after the possible space "
@@ -2059,17 +2094,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
+#: sssd.conf.5.xml:1694 sssd-session-recording.5.xml:115
 msgid "Default: Empty. Matches no users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
+#: sssd.conf.5.xml:1699 sssd-session-recording.5.xml:120
 msgid "groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
+#: sssd.conf.5.xml:1702 sssd-session-recording.5.xml:123
 msgid ""
 "A comma-separated list of groups, members of which should have session "
 "recording enabled. Matches group names as returned by NSS. I.e. after the "
@@ -2077,7 +2112,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
+#: sssd.conf.5.xml:1708 sssd-session-recording.5.xml:129
 msgid ""
 "NOTE: using this option (having it set to anything) has a considerable "
 "performance cost, because each uncached request for a user requires "
@@ -2085,22 +2120,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
+#: sssd.conf.5.xml:1715 sssd-session-recording.5.xml:136
 msgid "Default: Empty. Matches no groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1675
+#: sssd.conf.5.xml:1725
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1732
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1735
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2109,14 +2144,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1693
+#: sssd.conf.5.xml:1743
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697
+#: sssd.conf.5.xml:1747
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2125,38 +2160,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1755
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1709
+#: sssd.conf.5.xml:1759
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713
+#: sssd.conf.5.xml:1763
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1769
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722
+#: sssd.conf.5.xml:1772
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1777
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2165,24 +2200,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1784
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1738
+#: sssd.conf.5.xml:1788
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1744
+#: sssd.conf.5.xml:1794
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1797
 msgid ""
 "Determines if a domain can be enumerated, that is, whether the domain can "
 "list all the users and group it contains. Note that it is not required to "
@@ -2191,29 +2226,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1755
+#: sssd.conf.5.xml:1805
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1758
+#: sssd.conf.5.xml:1808
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
+#: sssd.conf.5.xml:1811 sssd.conf.5.xml:2033 sssd.conf.5.xml:2208
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1764
+#: sssd.conf.5.xml:1814
 msgid ""
 "Enumerating a domain requires SSSD to download and store ALL user and group "
 "entries from the remote server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1819
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2227,14 +2262,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1834
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1789
+#: sssd.conf.5.xml:1839
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2243,39 +2278,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1847
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1805
+#: sssd.conf.5.xml:1855
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1812
+#: sssd.conf.5.xml:1862
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1863
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1816
+#: sssd.conf.5.xml:1866
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1867
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1808
+#: sssd.conf.5.xml:1858
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2284,19 +2319,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1831
+#: sssd.conf.5.xml:1881
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1884
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1888
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2307,151 +2342,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1901
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1857
+#: sssd.conf.5.xml:1907
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1910
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
-#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
-#: sssd.conf.5.xml:1944
+#: sssd.conf.5.xml:1914 sssd.conf.5.xml:1927 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1953 sssd.conf.5.xml:1966 sssd.conf.5.xml:1980
+#: sssd.conf.5.xml:1994
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:1920
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1873
+#: sssd.conf.5.xml:1923
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1883
+#: sssd.conf.5.xml:1933
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1886
+#: sssd.conf.5.xml:1936
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1896
+#: sssd.conf.5.xml:1946
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1899
+#: sssd.conf.5.xml:1949
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1909
+#: sssd.conf.5.xml:1959
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1962
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:1972
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:1975
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1986
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1939
+#: sssd.conf.5.xml:1989
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2000
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:2003
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2008
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1962
+#: sssd.conf.5.xml:2012
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
+#: sssd.conf.5.xml:2016 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1972
+#: sssd.conf.5.xml:2022
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1975
+#: sssd.conf.5.xml:2025
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1979
+#: sssd.conf.5.xml:2029
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1989
+#: sssd.conf.5.xml:2039
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1992
+#: sssd.conf.5.xml:2042
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2459,24 +2494,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1999
+#: sssd.conf.5.xml:2049
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2004
+#: sssd.conf.5.xml:2054
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2010
+#: sssd.conf.5.xml:2060
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:2063
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2485,17 +2520,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2020
+#: sssd.conf.5.xml:2070
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:2075
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2036
+#: sssd.conf.5.xml:2086
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2504,33 +2539,42 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2093
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2099
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2052
+#: sssd.conf.5.xml:2102
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
-msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+#: sssd.conf.5.xml:2106
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
-msgid "<quote>local</quote>: SSSD internal provider for local users"
+#: sssd.conf.5.xml:2109
+msgid ""
+"<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2113
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2121
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2538,8 +2582,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2129 sssd.conf.5.xml:2234 sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2352
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2548,8 +2592,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
-#: sssd.conf.5.xml:2303
+#: sssd.conf.5.xml:2138 sssd.conf.5.xml:2243 sssd.conf.5.xml:2298
+#: sssd.conf.5.xml:2361
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2557,19 +2601,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2091
+#: sssd.conf.5.xml:2149
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2152
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2099
+#: sssd.conf.5.xml:2157
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2578,7 +2622,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2107
+#: sssd.conf.5.xml:2165
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2586,22 +2630,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2114
+#: sssd.conf.5.xml:2172
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2178
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2123
+#: sssd.conf.5.xml:2181
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2184
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2613,7 +2657,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:2202
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2621,19 +2665,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2155
+#: sssd.conf.5.xml:2213
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2158
+#: sssd.conf.5.xml:2216
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
+#: sssd.conf.5.xml:2220 sssd.conf.5.xml:2282
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2641,7 +2685,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2169
+#: sssd.conf.5.xml:2227
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2649,30 +2693,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2251
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2200
+#: sssd.conf.5.xml:2254
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2258
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2203
+#: sssd.conf.5.xml:2261
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:2267
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2212
+#: sssd.conf.5.xml:2270
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2680,19 +2729,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2221
+#: sssd.conf.5.xml:2279
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2306
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2701,7 +2750,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2255
+#: sssd.conf.5.xml:2313
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2709,29 +2758,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2262
+#: sssd.conf.5.xml:2320
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2323
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2270
+#: sssd.conf.5.xml:2328
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2273
+#: sssd.conf.5.xml:2331
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278
+#: sssd.conf.5.xml:2336
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2739,7 +2788,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2344
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2747,35 +2796,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2369
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2373
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2376
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2383
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2328
+#: sssd.conf.5.xml:2386
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2390
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2783,32 +2832,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2402
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2348
+#: sssd.conf.5.xml:2406
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
-#: sssd.conf.5.xml:2532
+#: sssd.conf.5.xml:2409 sssd.conf.5.xml:2495 sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2590
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2355
+#: sssd.conf.5.xml:2413
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2819,7 +2868,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2370
+#: sssd.conf.5.xml:2428
 msgid ""
 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 "background unless the sudo provider is explicitly disabled. Set "
@@ -2828,12 +2877,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2380
+#: sssd.conf.5.xml:2438
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2383
+#: sssd.conf.5.xml:2441
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2841,7 +2890,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2389
+#: sssd.conf.5.xml:2447
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2849,31 +2898,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2455
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2400
+#: sssd.conf.5.xml:2458
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:2464
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:2467
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2415
+#: sssd.conf.5.xml:2473
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2881,7 +2930,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2424
+#: sssd.conf.5.xml:2482
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2890,17 +2939,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2433
+#: sssd.conf.5.xml:2491
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2443
+#: sssd.conf.5.xml:2501
 msgid "session_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2446
+#: sssd.conf.5.xml:2504
 msgid ""
 "The provider which configures and manages user session related tasks. The "
 "only user session task currently provided is the integration with Fleet "
@@ -2908,43 +2957,43 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2511
 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2515
 msgid ""
 "<quote>none</quote> does not perform any kind of user session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2461
+#: sssd.conf.5.xml:2519
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 "session related tasks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2523
 msgid ""
 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 "SSSD must be running as \"root\" and not as the unprivileged user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2473
+#: sssd.conf.5.xml:2531
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2534
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2538
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2952,7 +3001,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2545
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2960,7 +3009,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2495
+#: sssd.conf.5.xml:2553
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2968,24 +3017,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2562
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2514
+#: sssd.conf.5.xml:2572
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2517
+#: sssd.conf.5.xml:2575
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2579
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2993,12 +3042,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2529
+#: sssd.conf.5.xml:2587
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2542
+#: sssd.conf.5.xml:2600
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3008,7 +3057,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2551
+#: sssd.conf.5.xml:2609
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3017,29 +3066,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2556
+#: sssd.conf.5.xml:2614
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2559
+#: sssd.conf.5.xml:2617
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2620
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2623
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2570
+#: sssd.conf.5.xml:2628
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3047,7 +3096,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2576
+#: sssd.conf.5.xml:2634
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3055,66 +3104,66 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2583
+#: sssd.conf.5.xml:2641
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2630
+#: sssd.conf.5.xml:2688
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2694
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2639
+#: sssd.conf.5.xml:2697
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2643
+#: sssd.conf.5.xml:2701
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2646
+#: sssd.conf.5.xml:2704
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2707
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2652
+#: sssd.conf.5.xml:2710
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2655
+#: sssd.conf.5.xml:2713
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2658
+#: sssd.conf.5.xml:2716
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2664
+#: sssd.conf.5.xml:2722
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2725
 msgid ""
 "Defines the amount of time (in seconds) to wait for a reply from the "
 "internal fail over service before assuming that the service is unreachable. "
@@ -3123,77 +3172,77 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2674
+#: sssd.conf.5.xml:2732
 msgid ""
 "Please see the section <quote>FAILOVER</quote> for more information about "
 "the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
+#: sssd.conf.5.xml:2737 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
 #: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2685
+#: sssd.conf.5.xml:2743
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2688
+#: sssd.conf.5.xml:2746
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2692
+#: sssd.conf.5.xml:2750
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2698
+#: sssd.conf.5.xml:2756
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2701
+#: sssd.conf.5.xml:2759
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2707
+#: sssd.conf.5.xml:2765
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2715
+#: sssd.conf.5.xml:2773
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2776
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2724
+#: sssd.conf.5.xml:2782
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2726
+#: sssd.conf.5.xml:2784
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2730
+#: sssd.conf.5.xml:2788
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2733
+#: sssd.conf.5.xml:2791
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3201,7 +3250,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2710
+#: sssd.conf.5.xml:2768
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3209,17 +3258,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2745
+#: sssd.conf.5.xml:2803
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2751
+#: sssd.conf.5.xml:2809
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2754
+#: sssd.conf.5.xml:2812
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3227,34 +3276,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2760
+#: sssd.conf.5.xml:2818
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2821
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
+#: sssd.conf.5.xml:2824 sssd-ldap.5.xml:1120
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2769
+#: sssd.conf.5.xml:2827
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2772
+#: sssd.conf.5.xml:2830
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2778
+#: sssd.conf.5.xml:2836
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3262,32 +3311,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
+#: sssd.conf.5.xml:2834 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2785
+#: sssd.conf.5.xml:2843
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2792
+#: sssd.conf.5.xml:2850
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2803
+#: sssd.conf.5.xml:2861
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2804
+#: sssd.conf.5.xml:2862
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2795
+#: sssd.conf.5.xml:2853
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3297,34 +3346,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2809
+#: sssd.conf.5.xml:2867
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2871
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2876
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2821
+#: sssd.conf.5.xml:2879
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2827
+#: sssd.conf.5.xml:2885
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830
+#: sssd.conf.5.xml:2888
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3332,12 +3381,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2836
+#: sssd.conf.5.xml:2894
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2840
+#: sssd.conf.5.xml:2898
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3345,26 +3394,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2851
+#: sssd.conf.5.xml:2909
 msgid "auto_private_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2854
+#: sssd.conf.5.xml:2912
 msgid ""
 "If this option is enabled, SSSD will automatically create user private "
 "groups based on user's UID number. The GID number is ignored in this case."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2859
+#: sssd.conf.5.xml:2917
 msgid ""
 "For POSIX subdomains, setting the option in the main domain is inherited in "
 "the subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:2921
 msgid ""
 "For ID-mapping subdomains, auto_private_groups is already enabled for the "
 "subdomains and setting it to false will not have any effect for the "
@@ -3372,7 +3421,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2868
+#: sssd.conf.5.xml:2926
 msgid ""
 "NOTE: Because the GID number and the user private group are inferred from "
 "the UID number, it is not supported to have multiple entries with the same "
@@ -3381,7 +3430,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1677
+#: sssd.conf.5.xml:1727
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3389,29 +3438,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2887
+#: sssd.conf.5.xml:2945
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2890
+#: sssd.conf.5.xml:2948
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2893
+#: sssd.conf.5.xml:2951
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2901
+#: sssd.conf.5.xml:2959
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2904
+#: sssd.conf.5.xml:2962
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3419,12 +3468,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2914
+#: sssd.conf.5.xml:2972
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:2975
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3433,12 +3482,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2931
+#: sssd.conf.5.xml:2989
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2934
+#: sssd.conf.5.xml:2992
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3446,19 +3495,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2883
+#: sssd.conf.5.xml:2941
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2950
+#: sssd.conf.5.xml:3008
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2952
+#: sssd.conf.5.xml:3010
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3475,7 +3524,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2972
+#: sssd.conf.5.xml:3030
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3483,17 +3532,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2978
+#: sssd.conf.5.xml:3036
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2980
+#: sssd.conf.5.xml:3038
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2983
+#: sssd.conf.5.xml:3041
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3502,7 +3551,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2997
+#: sssd.conf.5.xml:3055
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
@@ -3512,7 +3561,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:3005
+#: sssd.conf.5.xml:3063
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3532,12 +3581,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:3023
+#: sssd.conf.5.xml:3081
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:3025
+#: sssd.conf.5.xml:3083
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3545,73 +3594,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3032
+#: sssd.conf.5.xml:3090
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3035
+#: sssd.conf.5.xml:3093
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3039
+#: sssd.conf.5.xml:3097
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3044
+#: sssd.conf.5.xml:3102
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3047
+#: sssd.conf.5.xml:3105
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3052
+#: sssd.conf.5.xml:3110
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3057
+#: sssd.conf.5.xml:3115
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3060
+#: sssd.conf.5.xml:3118
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3134
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3069
+#: sssd.conf.5.xml:3127
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3072
+#: sssd.conf.5.xml:3130
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3081
+#: sssd.conf.5.xml:3139
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3084
+#: sssd.conf.5.xml:3142
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3619,17 +3668,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3092
+#: sssd.conf.5.xml:3150
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3097
+#: sssd.conf.5.xml:3155
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3100
+#: sssd.conf.5.xml:3158
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3638,17 +3687,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3110
+#: sssd.conf.5.xml:3168
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3115
+#: sssd.conf.5.xml:3173
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3118
+#: sssd.conf.5.xml:3176
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3656,17 +3705,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3125
+#: sssd.conf.5.xml:3183
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:3130
+#: sssd.conf.5.xml:3188
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3133
+#: sssd.conf.5.xml:3191
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3674,17 +3723,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:3139
+#: sssd.conf.5.xml:3197
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3149
+#: sssd.conf.5.xml:3207
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3151
+#: sssd.conf.5.xml:3209
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
@@ -3695,64 +3744,64 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3158
+#: sssd.conf.5.xml:3216
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3159
+#: sssd.conf.5.xml:3217
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3160
+#: sssd.conf.5.xml:3218
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3161
+#: sssd.conf.5.xml:3219
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3162
+#: sssd.conf.5.xml:3220
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3163
+#: sssd.conf.5.xml:3221
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3164
+#: sssd.conf.5.xml:3222
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3165
+#: sssd.conf.5.xml:3223
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3166
+#: sssd.conf.5.xml:3224
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3168
+#: sssd.conf.5.xml:3226
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
+#: sssd.conf.5.xml:3232 idmap_sss.8.xml:43
 msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3180
+#: sssd.conf.5.xml:3238
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3782,7 +3831,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3176
+#: sssd.conf.5.xml:3234
 msgid ""
 "1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
@@ -3791,7 +3840,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3271
 #, no-wrap
 msgid ""
 "[domain/ipa.com/child.ad.com]\n"
@@ -3799,7 +3848,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:3207
+#: sssd.conf.5.xml:3265
 msgid ""
 "2. The following example shows configuration of IPA AD trust where the AD "
 "forest consists of two domains in a parent-child structure.  Suppose IPA "
@@ -3847,7 +3896,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
@@ -3948,7 +3997,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:286
 #: sss_override.8.xml:137 sss_override.8.xml:234
 msgid "Examples:"
 msgstr ""
@@ -4774,10 +4823,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:855
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: rhost"
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:861
@@ -5163,10 +5210,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:1248
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: fqdn"
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:1254
@@ -5766,7 +5811,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
+#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:937
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
@@ -6838,8 +6883,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
-#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
-#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+#: sssd-ad.5.xml:1041 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:103 sssd-session-recording.5.xml:144
 msgid "EXAMPLE"
 msgstr ""
 
@@ -6866,8 +6911,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1049 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:110 sssd-session-recording.5.xml:150
 #: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
@@ -6902,7 +6947,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
-#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
+#: sssd-ad.5.xml:1064 sssd.8.xml:230 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
@@ -7313,7 +7358,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:116
 msgid ""
 "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7410,23 +7455,24 @@ msgstr ""
 msgid ""
 "The rules are processed by priority while the number '0' (zero)  indicates "
 "the highest priority. The higher the number the lower is the priority. A "
-"missing value indicates the lowest priority."
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:50
+#: sss-certmap.5.xml:52
 msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:55
+#: sss-certmap.5.xml:57
 msgid "MATCHING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:57
+#: sss-certmap.5.xml:59
 msgid ""
 "The matching rule is used to select a certificate to which the mapping rule "
 "should be applied. It uses a system similar to the one used by "
@@ -7438,12 +7484,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:69
+#: sss-certmap.5.xml:71
 msgid "&lt;SUBJECT&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:72
+#: sss-certmap.5.xml:74
 msgid ""
 "With this a part or the whole subject name of the certificate can be "
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
@@ -7451,7 +7497,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:78
+#: sss-certmap.5.xml:80
 msgid ""
 "For the matching the subject name stored in the certificate in DER encoded "
 "ASN.1 is converted into a string according to RFC 4514. This means the most "
@@ -7464,172 +7510,172 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:91
+#: sss-certmap.5.xml:93
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:96
+#: sss-certmap.5.xml:98
 msgid "&lt;ISSUER&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:99
+#: sss-certmap.5.xml:101
 msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:104
+#: sss-certmap.5.xml:106
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:109
+#: sss-certmap.5.xml:111
 msgid "&lt;KU&gt;key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:112
+#: sss-certmap.5.xml:114
 msgid ""
 "This option can be used to specify which key usage values the certificate "
 "should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:116
+#: sss-certmap.5.xml:118
 msgid "digitalSignature"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:117
+#: sss-certmap.5.xml:119
 msgid "nonRepudiation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:118
+#: sss-certmap.5.xml:120
 msgid "keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:119
+#: sss-certmap.5.xml:121
 msgid "dataEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:120
+#: sss-certmap.5.xml:122
 msgid "keyAgreement"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:121
+#: sss-certmap.5.xml:123
 msgid "keyCertSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:122
+#: sss-certmap.5.xml:124
 msgid "cRLSign"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:123
+#: sss-certmap.5.xml:125
 msgid "encipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:124
+#: sss-certmap.5.xml:126
 msgid "decipherOnly"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:128
+#: sss-certmap.5.xml:130
 msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:132
+#: sss-certmap.5.xml:134
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:137
+#: sss-certmap.5.xml:139
 msgid "&lt;EKU&gt;extended-key-usage"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:140
+#: sss-certmap.5.xml:142
 msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:144
+#: sss-certmap.5.xml:146
 msgid "serverAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:145
+#: sss-certmap.5.xml:147
 msgid "clientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:146
+#: sss-certmap.5.xml:148
 msgid "codeSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:147
+#: sss-certmap.5.xml:149
 msgid "emailProtection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:148
+#: sss-certmap.5.xml:150
 msgid "timeStamping"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:149
+#: sss-certmap.5.xml:151
 msgid "OCSPSigning"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:150
+#: sss-certmap.5.xml:152
 msgid "KPClientAuth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:151
+#: sss-certmap.5.xml:153
 msgid "pkinit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sss-certmap.5.xml:152
+#: sss-certmap.5.xml:154
 msgid "msScLogin"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:156
+#: sss-certmap.5.xml:158
 msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:160
+#: sss-certmap.5.xml:162
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:165
+#: sss-certmap.5.xml:167
 msgid "&lt;SAN&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:168
+#: sss-certmap.5.xml:170
 msgid ""
 "To be compatible with the usage of MIT Kerberos this option will match the "
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
@@ -7637,62 +7683,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:173
+#: sss-certmap.5.xml:175
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:178
+#: sss-certmap.5.xml:180
 msgid "&lt;SAN:Principal&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:181
+#: sss-certmap.5.xml:183
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:185
+#: sss-certmap.5.xml:187
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:190
+#: sss-certmap.5.xml:192
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:193
+#: sss-certmap.5.xml:195
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:197
+#: sss-certmap.5.xml:199
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:202
+#: sss-certmap.5.xml:204
 msgid "&lt;SAN:pkinit&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:205
+#: sss-certmap.5.xml:207
 msgid "Match the Kerberos principals from the PKINIT SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:208
+#: sss-certmap.5.xml:210
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:213
+#: sss-certmap.5.xml:215
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:216
+#: sss-certmap.5.xml:218
 msgid ""
 "Take the value of the otherName SAN component given by the OID in dotted-"
 "decimal notation, interpret it as string and try to match it against the "
@@ -7700,17 +7746,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:222
+#: sss-certmap.5.xml:224
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:227
+#: sss-certmap.5.xml:229
 msgid "&lt;SAN:otherName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:230
+#: sss-certmap.5.xml:232
 msgid ""
 "Do a binary match with the base64 encoded blob against all otherName SAN "
 "components. With this option it is possible to match against custom "
@@ -7719,145 +7765,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:237
+#: sss-certmap.5.xml:239
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:242
+#: sss-certmap.5.xml:244
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:245
+#: sss-certmap.5.xml:247
 msgid "Match the value of the rfc822Name SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:248
+#: sss-certmap.5.xml:250
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:253
+#: sss-certmap.5.xml:255
 msgid "&lt;SAN:dNSName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:256
+#: sss-certmap.5.xml:258
 msgid "Match the value of the dNSName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:259
+#: sss-certmap.5.xml:261
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:264
+#: sss-certmap.5.xml:266
 msgid "&lt;SAN:x400Address&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:267
+#: sss-certmap.5.xml:269
 msgid "Binary match the value of the x400Address SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:270
+#: sss-certmap.5.xml:272
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:275
+#: sss-certmap.5.xml:277
 msgid "&lt;SAN:directoryName&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:278
+#: sss-certmap.5.xml:280
 msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:283
+#: sss-certmap.5.xml:285
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:288
+#: sss-certmap.5.xml:290
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:291
+#: sss-certmap.5.xml:293
 msgid "Binary match the value of the ediPartyName SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:294
+#: sss-certmap.5.xml:296
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:299
+#: sss-certmap.5.xml:301
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:302
+#: sss-certmap.5.xml:304
 msgid "Match the value of the uniformResourceIdentifier SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:305
+#: sss-certmap.5.xml:307
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:310
+#: sss-certmap.5.xml:312
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:313
+#: sss-certmap.5.xml:315
 msgid "Match the value of the iPAddress SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:316
+#: sss-certmap.5.xml:318
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:321
+#: sss-certmap.5.xml:323
 msgid "&lt;SAN:registeredID&gt;regular-expression"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:324
+#: sss-certmap.5.xml:326
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:328
+#: sss-certmap.5.xml:330
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:66
+#: sss-certmap.5.xml:68
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:336
+#: sss-certmap.5.xml:338
 msgid "MAPPING RULE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:338
+#: sss-certmap.5.xml:340
 msgid ""
 "The mapping rule is used to associate a certificate with one or more "
 "accounts. A Smartcard with the certificate and the matching private key can "
@@ -7865,7 +7911,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:343
+#: sss-certmap.5.xml:345
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
@@ -7877,7 +7923,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:353
+#: sss-certmap.5.xml:355
 msgid ""
 "In general it is recommended to use attributes from the certificate and add "
 "them to special attributes to the LDAP user object. E.g. the "
@@ -7886,7 +7932,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:359
+#: sss-certmap.5.xml:361
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
@@ -7896,12 +7942,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:374
+#: sss-certmap.5.xml:376
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:377
+#: sss-certmap.5.xml:379
 msgid ""
 "This template will add the full issuer DN converted to a string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7909,40 +7955,40 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
+#: sss-certmap.5.xml:385 sss-certmap.5.xml:411
 msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
+#: sss-certmap.5.xml:389 sss-certmap.5.xml:415
 msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
+#: sss-certmap.5.xml:393 sss-certmap.5.xml:419
 msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:395
+#: sss-certmap.5.xml:397
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:400
+#: sss-certmap.5.xml:402
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:403
+#: sss-certmap.5.xml:405
 msgid ""
 "This template will add the full subject DN converted to string according to "
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
@@ -7950,19 +7996,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:421
+#: sss-certmap.5.xml:423
 msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:426
+#: sss-certmap.5.xml:428
 msgid "{cert[!(bin|base64)]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:429
+#: sss-certmap.5.xml:431
 msgid ""
 "This template will add the whole DER encoded certificate as a string to the "
 "search filter. Depending on the conversion option the binary certificate is "
@@ -7972,17 +8018,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:437
+#: sss-certmap.5.xml:439
 msgid "Example: (userCertificate;binary={cert!bin})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:442
+#: sss-certmap.5.xml:444
 msgid "{subject_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:445
+#: sss-certmap.5.xml:447
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
@@ -7990,19 +8036,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
+#: sss-certmap.5.xml:453 sss-certmap.5.xml:481
 msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:456
+#: sss-certmap.5.xml:458
 msgid "{subject_pkinit_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:459
+#: sss-certmap.5.xml:461
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by pkinit. The 'short_name' component represents the first part of the "
@@ -8010,19 +8056,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:465
+#: sss-certmap.5.xml:467
 msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:470
+#: sss-certmap.5.xml:472
 msgid "{subject_nt_principal[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:473
+#: sss-certmap.5.xml:475
 msgid ""
 "This template will add the Kerberos principal which is given by the SAN used "
 "by AD. The 'short_name' component represent the first part of the principal "
@@ -8030,12 +8076,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:484
+#: sss-certmap.5.xml:486
 msgid "{subject_rfc822_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:487
+#: sss-certmap.5.xml:489
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
@@ -8043,19 +8089,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:493
+#: sss-certmap.5.xml:495
 msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:498
+#: sss-certmap.5.xml:500
 msgid "{subject_dns_name[.short_name]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:501
+#: sss-certmap.5.xml:503
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
@@ -8063,116 +8109,116 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:507
+#: sss-certmap.5.xml:509
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:512
+#: sss-certmap.5.xml:514
 msgid "{subject_uri}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:515
+#: sss-certmap.5.xml:517
 msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:519
+#: sss-certmap.5.xml:521
 msgid "Example: (uri={subject_uri})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:524
+#: sss-certmap.5.xml:526
 msgid "{subject_ip_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:527
+#: sss-certmap.5.xml:529
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:531
+#: sss-certmap.5.xml:533
 msgid "Example: (ip={subject_ip_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:536
+#: sss-certmap.5.xml:538
 msgid "{subject_x400_address}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:539
+#: sss-certmap.5.xml:541
 msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:544
+#: sss-certmap.5.xml:546
 msgid "Example: (attr:binary={subject_x400_address})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:549
+#: sss-certmap.5.xml:551
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:552
+#: sss-certmap.5.xml:554
 msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:556
+#: sss-certmap.5.xml:558
 msgid "Example: (orig_dn={subject_directory_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:561
+#: sss-certmap.5.xml:563
 msgid "{subject_ediparty_name}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:564
+#: sss-certmap.5.xml:566
 msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:569
+#: sss-certmap.5.xml:571
 msgid "Example: (attr:binary={subject_ediparty_name})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sss-certmap.5.xml:574
+#: sss-certmap.5.xml:576
 msgid "{subject_registered_id}"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:577
+#: sss-certmap.5.xml:579
 msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as a dotted-decimal string."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sss-certmap.5.xml:582
+#: sss-certmap.5.xml:584
 msgid "Example: (oid={subject_registered_id})"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:367
+#: sss-certmap.5.xml:369
 msgid ""
 "The templates to add certificate data to the search filter are based on "
 "Python-style formatting strings. They consist of a keyword in curly braces "
@@ -8182,12 +8228,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sss-certmap.5.xml:590
+#: sss-certmap.5.xml:592
 msgid "DOMAIN LIST"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sss-certmap.5.xml:592
+#: sss-certmap.5.xml:594
 msgid ""
 "If the domain list is not empty users mapped to a given certificate are not "
 "only searched in the local domain but in the listed domains as well as long "
@@ -8308,7 +8354,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:866
 msgid "dyndns_update (boolean)"
 msgstr ""
 
@@ -8323,7 +8369,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:880
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8338,12 +8384,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:891
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:894
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8364,12 +8410,12 @@ msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:905
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:908
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8393,17 +8439,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:919
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:970
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:973
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8411,7 +8457,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:979
 msgid "Default: GSS-TSIG"
 msgstr ""
 
@@ -8421,7 +8467,7 @@ msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
+#: sssd-ipa.5.xml:221 sssd-ad.5.xml:213
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
@@ -8438,7 +8484,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:925
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
@@ -8451,12 +8497,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:943
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:946
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -8475,50 +8521,50 @@ msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:957
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:960
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:964
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:985
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:988
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:993
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:998
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1003
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
@@ -8629,26 +8675,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
+#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1012
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
+#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1015
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1019
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1023
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -8667,7 +8713,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
+#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:431
 msgid "Default: 5 (seconds)"
 msgstr ""
 
@@ -9087,11 +9133,13 @@ msgid ""
 "POSIX attributes are not replicated to the Global Catalog, SSSD must search "
 "all the domains in the forest sequentially. Please note that the "
 "<quote>cache_first</quote> option might be also helpful in speeding up "
-"domainless searches."
+"domainless searches.  Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:105
+#: sssd-ad.5.xml:108
 msgid ""
 "Users, groups and other entities served by SSSD are always treated as case-"
 "insensitive in the AD provider for compatibility with Active Directory's "
@@ -9099,38 +9147,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:120
+#: sssd-ad.5.xml:123
 msgid "ad_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:123
+#: sssd-ad.5.xml:126
 msgid ""
 "Specifies the name of the Active Directory domain.  This is optional. If not "
 "provided, the configuration domain name is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:128
+#: sssd-ad.5.xml:131
 msgid ""
 "For proper operation, this option should be specified as the lower-case "
 "version of the long version of the Active Directory domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:133
+#: sssd-ad.5.xml:136
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) is "
 "autodetected by the SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:140
+#: sssd-ad.5.xml:143
 msgid "ad_enabled_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:143
+#: sssd-ad.5.xml:146
 msgid ""
 "A comma-separated list of enabled Active Directory domains.  If provided, "
 "SSSD will ignore any domains not listed in this option. If left unset, all "
@@ -9138,7 +9186,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:153
+#: sssd-ad.5.xml:156
 #, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
@@ -9146,7 +9194,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:152
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
@@ -9154,19 +9202,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:157
+#: sssd-ad.5.xml:160
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:167
+#: sssd-ad.5.xml:170
 msgid "ad_server, ad_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:173
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
@@ -9174,26 +9222,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:177
+#: sssd-ad.5.xml:180
 msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:182
+#: sssd-ad.5.xml:185
 msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:190
+#: sssd-ad.5.xml:193
 msgid "ad_hostname (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:193
+#: sssd-ad.5.xml:196
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
 "fully qualified name used in the Active Directory domain to identify this "
@@ -9201,19 +9249,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:202
 msgid ""
 "This field is used to determine the host principal in use in the keytab. It "
 "must match the hostname for which the keytab was issued."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:207
+#: sssd-ad.5.xml:210
 msgid "ad_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:217
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, the SSSD will first attempt to discover the "
@@ -9224,12 +9272,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:230
+#: sssd-ad.5.xml:233
 msgid "ad_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:233
+#: sssd-ad.5.xml:236
 msgid ""
 "This option specifies LDAP access control filter that the user must match in "
 "order to be allowed access. Please note that the <quote>access_provider</"
@@ -9238,7 +9286,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:241
+#: sssd-ad.5.xml:244
 msgid ""
 "The option also supports specifying different filters per domain or forest. "
 "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>.  "
@@ -9247,7 +9295,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:249
+#: sssd-ad.5.xml:252
 msgid ""
 "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
 "quote> specifies the domain or subdomain the filter applies to.  If the "
@@ -9256,14 +9304,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:257
+#: sssd-ad.5.xml:260
 msgid ""
 "Multiple filters can be separated with the <quote>?</quote> character, "
 "similarly to how search bases work."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:262
+#: sssd-ad.5.xml:265
 msgid ""
 "Nested group membership must be searched for using a special OID "
 "<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
@@ -9276,7 +9324,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:275
+#: sssd-ad.5.xml:278
 msgid ""
 "The most specific match is always used. For example, if the option specified "
 "filter for a domain the user is a member of and a global filter, the per-"
@@ -9285,7 +9333,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:286
+#: sssd-ad.5.xml:289
 #, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
@@ -9303,24 +9351,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:308
 msgid "ad_site (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:308
+#: sssd-ad.5.xml:311
 msgid ""
 "Specify AD site to which client should try to connect.  If this option is "
 "not provided, the AD site will be auto-discovered."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:319
+#: sssd-ad.5.xml:322
 msgid "ad_enable_gc (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:325
 msgid ""
 "By default, the SSSD connects to the Global Catalog first to retrieve users "
 "from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -9329,7 +9377,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:330
+#: sssd-ad.5.xml:333
 msgid ""
 "Please note that disabling Global Catalog support does not disable "
 "retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -9338,12 +9386,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:344
+#: sssd-ad.5.xml:347
 msgid "ad_gpo_access_control (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:347
+#: sssd-ad.5.xml:350
 msgid ""
 "This option specifies the operation mode for GPO-based access control "
 "functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -9353,14 +9401,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:359
 msgid ""
 "GPO-based access control functionality uses GPO policy settings to determine "
 "whether or not a particular user is allowed to logon to a particular host."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:365
 msgid ""
 "NOTE: The current version of SSSD does not support host (computer) entries "
 "in the GPO 'Security Filtering' list. Only user and group entries are "
@@ -9368,7 +9416,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:369
+#: sssd-ad.5.xml:372
 msgid ""
 "NOTE: If the operation mode is set to enforcing, it is possible that users "
 "that were previously allowed logon access will now be denied logon access "
@@ -9381,23 +9429,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:385
 msgid "There are three supported values for this option:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:386
+#: sssd-ad.5.xml:389
 msgid ""
 "disabled: GPO-based access control rules are neither evaluated nor enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:395
 msgid "enforcing: GPO-based access control rules are evaluated and enforced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:398
+#: sssd-ad.5.xml:401
 msgid ""
 "permissive: GPO-based access control rules are evaluated, but not enforced.  "
 "Instead, a syslog message will be emitted indicating that the user would "
@@ -9405,22 +9453,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:412
 msgid "Default: permissive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:412
+#: sssd-ad.5.xml:415
 msgid "Default: enforcing"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:418
+#: sssd-ad.5.xml:421
 msgid "ad_gpo_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:424
 msgid ""
 "The amount of time between lookups of GPO policy files against the AD "
 "server. This will reduce the latency and load on the AD server if there are "
@@ -9428,12 +9476,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:434
+#: sssd-ad.5.xml:437
 msgid "ad_gpo_map_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:437
+#: sssd-ad.5.xml:440
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the InteractiveLogonRight and "
@@ -9441,14 +9489,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:443
+#: sssd-ad.5.xml:446
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on locally\" and \"Deny log on locally\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:457
+#: sssd-ad.5.xml:460
 #, no-wrap
 msgid ""
 "ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9456,7 +9504,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:448
+#: sssd-ad.5.xml:451
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9468,78 +9516,78 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
-#: sssd-ad.5.xml:714
+#: sssd-ad.5.xml:464 sssd-ad.5.xml:560 sssd-ad.5.xml:606 sssd-ad.5.xml:651
+#: sssd-ad.5.xml:717
 msgid "Default: the default set of PAM service names includes:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:468
 msgid "login"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:470
+#: sssd-ad.5.xml:473
 msgid "su"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:475
+#: sssd-ad.5.xml:478
 msgid "su-l"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:480
+#: sssd-ad.5.xml:483
 msgid "gdm-fingerprint"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:485
+#: sssd-ad.5.xml:488
 msgid "gdm-password"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:493
 msgid "gdm-smartcard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:495
+#: sssd-ad.5.xml:498
 msgid "kdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:500
+#: sssd-ad.5.xml:503
 msgid "lightdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:508
 msgid "lxdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:513
 msgid "sddm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:515
+#: sssd-ad.5.xml:518
 msgid "unity"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:520
+#: sssd-ad.5.xml:523
 msgid "xdm"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:529
+#: sssd-ad.5.xml:532
 msgid "ad_gpo_map_remote_interactive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:532
+#: sssd-ad.5.xml:535
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9547,7 +9595,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:538
+#: sssd-ad.5.xml:541
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9555,7 +9603,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:556
 #, no-wrap
 msgid ""
 "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9563,7 +9611,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:544
+#: sssd-ad.5.xml:547
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9575,22 +9623,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:561
+#: sssd-ad.5.xml:564
 msgid "sshd"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:569
 msgid "cockpit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:575
+#: sssd-ad.5.xml:578
 msgid "ad_gpo_map_network (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:578
+#: sssd-ad.5.xml:581
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the NetworkLogonRight and "
@@ -9598,7 +9646,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:584
+#: sssd-ad.5.xml:587
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Access "
 "this computer from the network\" and \"Deny access to this computer from the "
@@ -9606,7 +9654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:602
 #, no-wrap
 msgid ""
 "ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9614,7 +9662,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:593
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9626,22 +9674,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:610
 msgid "ftp"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:615
 msgid "samba"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:621
+#: sssd-ad.5.xml:624
 msgid "ad_gpo_map_batch (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:624
+#: sssd-ad.5.xml:627
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9649,14 +9697,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:633
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a batch job\" and \"Deny log on as a batch job\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:647
 #, no-wrap
 msgid ""
 "ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9664,7 +9712,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:635
+#: sssd-ad.5.xml:638
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9676,17 +9724,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:655
 msgid "crond"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:661
+#: sssd-ad.5.xml:664
 msgid "ad_gpo_map_service (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:667
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access "
 "control is evaluated based on the ServiceLogonRight and "
@@ -9694,14 +9742,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:673
 msgid ""
 "Note: Using the Group Policy Management Editor this value is called \"Allow "
 "log on as a service\" and \"Deny log on as a service\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:683
+#: sssd-ad.5.xml:686
 #, no-wrap
 msgid ""
 "ad_gpo_map_service = +my_pam_service\n"
@@ -9709,7 +9757,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
+#: sssd-ad.5.xml:678 sssd-ad.5.xml:753
 msgid ""
 "It is possible to add a PAM service name to the default set by using <quote>"
 "+service_name</quote>.  Since the default set is empty, it is not possible "
@@ -9720,19 +9768,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:693
+#: sssd-ad.5.xml:696
 msgid "ad_gpo_map_permit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:696
+#: sssd-ad.5.xml:699
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always granted, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:710
+#: sssd-ad.5.xml:713
 #, no-wrap
 msgid ""
 "ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9740,7 +9788,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:701
+#: sssd-ad.5.xml:704
 msgid ""
 "It is possible to add another PAM service name to the default set by using "
 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9752,39 +9800,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:718
+#: sssd-ad.5.xml:721
 msgid "polkit-1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:726
 msgid "sudo"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:728
+#: sssd-ad.5.xml:731
 msgid "sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:733
+#: sssd-ad.5.xml:736
 msgid "systemd-user"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:742
+#: sssd-ad.5.xml:745
 msgid "ad_gpo_map_deny (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:745
+#: sssd-ad.5.xml:748
 msgid ""
 "A comma-separated list of PAM service names for which GPO-based access is "
 "always denied, regardless of any GPO Logon Rights."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:758
+#: sssd-ad.5.xml:761
 #, no-wrap
 msgid ""
 "ad_gpo_map_deny = +my_pam_service\n"
@@ -9792,12 +9840,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:768
+#: sssd-ad.5.xml:771
 msgid "ad_gpo_default_right (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:771
+#: sssd-ad.5.xml:774
 msgid ""
 "This option defines how access control is evaluated for PAM service names "
 "that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9810,57 +9858,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:784
+#: sssd-ad.5.xml:787
 msgid "Supported values for this option include:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:788
+#: sssd-ad.5.xml:791
 msgid "interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:793
+#: sssd-ad.5.xml:796
 msgid "remote_interactive"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:798
+#: sssd-ad.5.xml:801
 msgid "network"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:803
+#: sssd-ad.5.xml:806
 msgid "batch"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:808
+#: sssd-ad.5.xml:811
 msgid "service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:813
+#: sssd-ad.5.xml:816
 msgid "permit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:818
+#: sssd-ad.5.xml:821
 msgid "deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:824
+#: sssd-ad.5.xml:827
 msgid "Default: deny"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:833
 msgid "ad_maximum_machine_account_password_age (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:833
+#: sssd-ad.5.xml:836
 msgid ""
 "SSSD will check once a day if the machine account password is older than the "
 "given age in days and try to renew it. A value of 0 will disable the renewal "
@@ -9868,17 +9916,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:839
+#: sssd-ad.5.xml:842
 msgid "Default: 30 days"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:845
+#: sssd-ad.5.xml:848
 msgid "ad_machine_account_password_renewal_opts (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:848
+#: sssd-ad.5.xml:851
 msgid ""
 "This option should only be used to test the machine account renewal task. "
 "The option expects 2 integers separated by a colon (':'). The first integer "
@@ -9888,12 +9936,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:857
+#: sssd-ad.5.xml:860
 msgid "Default: 86400:750 (24h and 15m)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:866
+#: sssd-ad.5.xml:869
 msgid ""
 "Optional. This option tells SSSD to automatically update the Active "
 "Directory DNS server with the IP address of this client. The update is "
@@ -9904,19 +9952,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:896
+#: sssd-ad.5.xml:899
 msgid "Default: 3600 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:912
+#: sssd-ad.5.xml:915
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:925
+#: sssd-ad.5.xml:928
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9926,12 +9974,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:951 sss_rpcidmapd.5.xml:76
 msgid "Default: True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1040
+#: sssd-ad.5.xml:1043
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9939,7 +9987,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1047
+#: sssd-ad.5.xml:1050
 #, no-wrap
 msgid ""
 "[domain/EXAMPLE]\n"
@@ -9954,7 +10002,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:1067
+#: sssd-ad.5.xml:1070
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -9963,7 +10011,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1063
+#: sssd-ad.5.xml:1066
 msgid ""
 "The AD access control provider checks if the account is expired.  It has the "
 "same effect as the following configuration of the LDAP provider: "
@@ -9971,7 +10019,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1073
+#: sssd-ad.5.xml:1076
 msgid ""
 "However, unless the <quote>ad</quote> access control provider is explicitly "
 "configured, the default access provider is <quote>permit</quote>. Please "
@@ -9981,15 +10029,15 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:1081
+#: sssd-ad.5.xml:1084
 msgid ""
 "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refmeta><refentrytitle>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
 msgid "sssd-sudo"
 msgstr ""
 
@@ -10299,14 +10347,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sssd.8.xml:101
-#, fuzzy
-#| msgid ""
-#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>--logger=</option><replaceable>value</replaceable>"
 msgstr ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd.8.xml:105
@@ -10504,7 +10546,7 @@ msgid "The password to obfuscate will be read from standard input."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
 #: sss_ssh_knownhostsproxy.1.xml:78
 msgid ""
 "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -12521,19 +12563,99 @@ msgid ""
 "\" id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:75
+#: sss_ssh_authorizedkeys.1.xml:132
 msgid ""
 "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:92
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:94
 msgid ""
 "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
 msgstr ""
@@ -12734,25 +12856,65 @@ msgid ""
 "manvolnum> </citerefentry>."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:69
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:72
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:78
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: /etc/passwd"
+msgstr "默认： 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:84
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:87
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:93
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: /etc/group"
+msgstr "默认： 3"
+
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
 msgid ""
-"The files provider has no specific options of its own, however, generic SSSD "
-"domain options can be set where applicable.  Refer to the section "
-"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
-"for details on the configuration of an SSSD domain."
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable.  Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-files.5.xml:73
+#: sssd-files.5.xml:105
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-files.5.xml:79
+#: sssd-files.5.xml:111
 #, no-wrap
 msgid ""
 "[domain/files]\n"
@@ -13521,7 +13683,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-session-recording.5.xml:16
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
 msgid "sssd-session-recording"
 msgstr ""
 
@@ -13565,10 +13727,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:60
-#, fuzzy
-#| msgid "These options can be used to configure any service."
 msgid "These options can be used to configure the session recording."
-msgstr "这些选项可被用于配置任何服务。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-session-recording.5.xml:146
@@ -14374,7 +14534,7 @@ msgstr ""
 #: include/failover.xml:100
 msgid ""
 "For LDAP-based providers, the resolve operation is performed as part of an "
-"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
 "quote> timeout should be set to a larger value than "
 "<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
 "value than <quote>dns_resolver_op_timeout</quote>."
@@ -15212,6 +15372,23 @@ msgstr ""
 msgid "ldap_use_tokengroups = true"
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
 msgid ""